pátek 19. února 2016

How to change Woocommerce default ajax loader icon in Cart and Checkout

This little snippet will going to change your loader icon in WooCommerce Cart and Checkout.

In Cart you should see this icon when you update Shipping.
In Checkout you see this when you update Shipping or Sending an Order.

You should first create a new gif icon you want to use.
I'm using this generator: PreLoaders.NET

This is our .gif which size is 128px*128px. WooCommerce default loader is only 16px*16px which is pretty small.

The following code will change the loader in Cart and Checkout. If you need it only on CheckOut, delete the is_cart from if syntax. Add the code to you themes functions.php file.

add_filter('woocommerce_ajax_loader_url', 'woo_custom_cart_loader');
function woo_custom_cart_loader() {
 global $woocommerce;
 if(is_checkout() || is_cart()){
  return __(get_template_directory_uri().'/images/loader-ajax-new.gif', 'woocommerce');
  return __(get_template_directory_uri().'/images/ajax-loader@2x.gif', 'woocommerce');

The second thing you need to do is to increase the size of the loader icon, we told that this icon is only 16px*16px. So after uploading image to the themes /images folder or your custom places head to these files:

To increase the Cart loader icon: /wp-content/plugins/woocommerce/assets/js/frontend/cart.min.js

To increase the CheckOut loader icon: /wp-content/plugins/woocommerce/assets/js/frontend/checkout.min.js

Search for 16px and change them to 128px. If you upgrade WooCommerce these changes are going to be lost :) so change them again! :)

čtvrtek 11. února 2016

Cleaning JavaScript Malware On Your Linux Server (Removing Javascript Between Two Points)

So, I think everyone has faced this issue who has an own VPS server. Our problem was that sometimes every or some of JS files got infected. It can be a mass to delete the malware code from the files manually.

So with the help of this article I have created my own code: Linux Academy

The problem was that this code worked when the exploit code has began and ended with the same value. But our newest infection was a little bit tricky. Every JS files has a different malware comment value in it. So I cant use the code from Linux Academy anymore.

Sucuri have wroted about this infection: Link

The hackers injected encrypted code at the end of all legitimate .js files. Which seems like this (image from Sucuri):
I have struggled with this infection for a time. And I want to share my solution, which can remove this from every JS file within less then 5 seconds. Every command is called recursivily, so if you run it on public_html/ or www/ folder it will include wp-admin, wp-content, everything. The pattern in our case is a regular expression [a-z0-9]{32} means lowercase letters and numbers and exactly 32 times.

1. Search if there is a JS infection on your server, the -l switch will list only the file names
 find . -name "*.js" | xargs grep -E "\/\*[a-z0-9]{32}\*\/" -l | sort  

2. Add a new line character before the pattern, this is very important, sed can only delete lines from files upwards.
 find . -name "*.js" -exec sed -i "s/\/\*[a-z0-9]\{32\}\*\//\n&/g" '{}' \;  

3. Finally delete the malware code from all infected JS files:
 find . -name "*.js" -exec sed -i "/[a-z0-9]\{32\}/,/[a-z0-9]\{32\}/d" '{}' \;  

Before you try this please test it on one file, i have a CentOS server installed.
I have found three backdoors installed with the help of access_logs and blocked the IPs in our firewall.

I hope this helps someone.

Regards, Peter