Jump to content



Photo
* * * * * 3 votes

SiteMonitor


  • Please log in to reply
2164 replies to this topic

#1   Jack_mcs

Jack_mcs
  • Members
  • 26,542 posts
  • Real Name:Jack York
  • Gender:Male
  • Location:Michigan

Posted 05 August 2006 - 03:21

If someone is able to hack into your site, they can alter your files to send them your customers information. I've seen this happen several times, thus the genesis of this contribution. This contribution will create a record of your files so that they can be checked at a later date. If any files have been added or deleted, or the size, timestamp or permissions were changed, you are notified via email. The script can be ran manually, but the best way is to set up a cron job so that the files are checked automatically.

The contribution can be found here.

Jack

Edited by Jack_mcs, 05 August 2006 - 03:22.


#2   safoo

safoo
  • Members
  • 514 posts
  • Real Name:Safoo

Posted 05 August 2006 - 05:16

Interesting contribution...definitely a great security feature. I will try it out when I get a chance

#3   Rezolles_Net

Rezolles_Net
  • Members
  • 201 posts
  • Real Name:Rezolles
  • Location:Malaysia

Posted 05 August 2006 - 16:36

I've installed this contribution.But getting this errors:

Warning: fopen(sitemonitor_reference.php): failed to open stream: Permission denied in /home/rezolles/public_html/admin/sitemonitor_functions.php on line 94

Warning: fwrite(): supplied argument is not a valid stream resource in /home/rezolles/public_html/admin/sitemonitor_functions.php on line 106
Cannot write to file (sitemonitor_reference.php)

Hope someone will solve my problems.

#4   Jack_mcs

Jack_mcs
  • Members
  • 26,542 posts
  • Real Name:Jack York
  • Gender:Male
  • Location:Michigan

Posted 05 August 2006 - 17:00

It looks like a server setting is preventing the code from creating the file. If you haven't tried to run it manually, do that (http://www.yoursite....sitemonitor.php). If it still can't write, ask your host to see what settings they have that is preventing it.

Jack

#5   Rezolles_Net

Rezolles_Net
  • Members
  • 201 posts
  • Real Name:Rezolles
  • Location:Malaysia

Posted 05 August 2006 - 17:02

Hurrm...I getting this error when I was trying to execute the URL manually.

#6   Sid04

Sid04
  • Members
  • 433 posts
  • Real Name:Bob bob

Posted 05 August 2006 - 17:17

So if you at some point change a file on purpose, will it email you everytime it checks or only the first time finds the mismatch?

Im assuming you could just delete the site_reference.php file after you add a new file to 'reset' what everything is compared to?

#7   Rezolles_Net

Rezolles_Net
  • Members
  • 201 posts
  • Real Name:Rezolles
  • Location:Malaysia

Posted 05 August 2006 - 17:23

No i didn't delete site_reference.php.

Any other solutions??I like this sitemonitor bcoz it can inform me if some "idiot" want to make my web upside down or stealing my customers informatios.

#8   Sid04

Sid04
  • Members
  • 433 posts
  • Real Name:Bob bob

Posted 05 August 2006 - 17:36

Those are questions for the developer, not potential solutions for you. Not sure why you thought I was reffering to you.

#9   Jack_mcs

Jack_mcs
  • Members
  • 26,542 posts
  • Real Name:Jack York
  • Gender:Male
  • Location:Michigan

Posted 05 August 2006 - 18:51

Hurrm...I getting this error when I was trying to execute the URL manually.

What does your host say about the error?

Jack

#10   Jack_mcs

Jack_mcs
  • Members
  • 26,542 posts
  • Real Name:Jack York
  • Gender:Male
  • Location:Michigan

Posted 05 August 2006 - 18:56

So if you at some point change a file on purpose, will it email you everytime it checks or only the first time finds the mismatch?

It emails everytime.

Im assuming you could just delete the site_reference.php file after you add a new file to 'reset' what everything is compared to?

That is correct. I thought about adding an admin section that would allow you to recreate the reference file, set the path and so on but I was trying to keep it simple. If there are a lot of requests for that option, I will add that code.

Jack

#11   matrix2223

matrix2223
  • Members
  • 862 posts
  • Real Name:Eric
  • Gender:Male
  • Location:MD USA

Posted 05 August 2006 - 20:40

Jack,

Thanks for this contrib I installed it as soon as I found out about it. When I ran http://www.mysite.co...sitemonitor.php a blank page shows I dont know if its supposed to do this or not thats why I am asking.

Also where you change the absolute path to your own
/home/bob/public_html/admin
change the setting to
/home/bob/public_html
I am assuming you only do this once.

Thank you,
Eric
Eric

Keep up on osCommerce changes and updates at Github | Understand osCommerce a little further at OsCommerce Documentation | Copy and paste your error message in Google add "in osCommerce" at the end to get relevant answers to most issues.


#12   matrix2223

matrix2223
  • Members
  • 862 posts
  • Real Name:Eric
  • Gender:Male
  • Location:MD USA

Posted 05 August 2006 - 20:48

Jack,

Sorry I should have read the file a little better. I found that you had to change the 0 to a 1 to display the results on the page when you run it manually.

I get these results, are they good or bad?
No new files found...
No deleted files found...
Difference found: New-> error_log 7289753 Original-> 7275493
Time Mismatch on error_log Last Changed on Saturday, 05 Aug 2006 20:43:51 GMT
No permissions mismatches found...
Email sent to shop owner.

Thanks again,
Eric
Eric

Keep up on osCommerce changes and updates at Github | Understand osCommerce a little further at OsCommerce Documentation | Copy and paste your error message in Google add "in osCommerce" at the end to get relevant answers to most issues.


#13   Jack_mcs

Jack_mcs
  • Members
  • 26,542 posts
  • Real Name:Jack York
  • Gender:Male
  • Location:Michigan

Posted 06 August 2006 - 00:09

The error log changing is usually normal. It won't always change but could. It can probably be safely ignored since it is a write only file. If someone hacked your site and made code changes, it would be unlikely for them to change that file. Otherwise the results you got are what you want to se. To test it, try uploading some file to your shop. Be sure it is one you don't need. Maybe upload it as zzz.php. When the script runs again you should see that file in your message. Be sure to delete the file when you are done.

Jack

#14   stu2000

stu2000
  • Members
  • 465 posts
  • Real Name:Stuart Newton
  • Gender:Male
  • Location:Aberdeen, Scotland, UK

Posted 06 August 2006 - 08:38

Nice contrib, I would like to add my voice to an admin panel feature, where it can be turned on/off via admin.
Stuart

#15   tonyfourthumbs

tonyfourthumbs
  • Members
  • 78 posts
  • Real Name:Tony

Posted 06 August 2006 - 08:39

Great contrib, so easy to install too. One question when I add a example file to the admin section of the store it doesn't pick it up but it does in the root, eg it'll pick up store/zzz.php but not store/admin/zzz.php is that a problem my end or is the contrib not supposed to pick up new store/admin/ files

Thank you.

#16   Rezolles_Net

Rezolles_Net
  • Members
  • 201 posts
  • Real Name:Rezolles
  • Location:Malaysia

Posted 06 August 2006 - 08:53

Great contrib, so easy to install too. One question when I add a example file to the admin section of the store it doesn't pick it up but it does in the root, eg it'll pick up store/zzz.php but not store/admin/zzz.php is that a problem my end or is the contrib not supposed to pick up new store/admin/ files

Thank you.


what do you mean?

#17   Jack_mcs

Jack_mcs
  • Members
  • 26,542 posts
  • Real Name:Jack York
  • Gender:Male
  • Location:Michigan

Posted 06 August 2006 - 13:40

Great contrib, so easy to install too. One question when I add a example file to the admin section of the store it doesn't pick it up but it does in the root, eg it'll pick up store/zzz.php but not store/admin/zzz.php is that a problem my end or is the contrib not supposed to pick up new store/admin/ files

Thank you.

Edit the sitemonitor.php file and remove admin from this string. Be sure to remove the quotes and comma associated with it. Then delete the sitemonitor_reference.php file.
$excludeList = array("cgi-bin","admin","downloads","images","pub","tmp","temp");  //don't check these directories - change to your liking - must be set prior to first run

Jack

#18   Sir.K.O.

Sir.K.O.
  • Members
  • 19 posts
  • Real Name:Sirko Wolfram

Posted 06 August 2006 - 21:16

I've installed this contribution.But getting this errors:

Warning: fopen(sitemonitor_reference.php): failed to open stream: Permission denied in /home/rezolles/public_html/admin/sitemonitor_functions.php on line 94

Warning: fwrite(): supplied argument is not a valid stream resource in /home/rezolles/public_html/admin/sitemonitor_functions.php on line 106
Cannot write to file (sitemonitor_reference.php)

Hope someone will solve my problems.

maybe chmod of admin-dir prevents this from being created!
create a txt file and rename it to sitemonitor_reference.php -> copy this to your /admin and then chmod this file to 777. then it should work.

Edited by Sir.K.O., 06 August 2006 - 21:19.


#19   Sir.K.O.

Sir.K.O.
  • Members
  • 19 posts
  • Real Name:Sirko Wolfram

Posted 06 August 2006 - 21:37

Just think before writing /ohmy.gif' class='bbc_emoticon' alt=':o' />

I got the same error as Rezolles_net -> Here's the working solution!

1. DON'T create the file sitemonitor_reference.php manually!! you already did? delete it!
2. chmod your admin directory with 777 but DON'T chmod the files within! just the directory!
3. run the script to generate the sitemonitor_reference.php
4. use the script regular as cronjob and watch bad things happen /wink.gif' class='bbc_emoticon' alt=';)' />

if you use daily automated updates for products, you may add "images" folder to exclude list or you will get mails every day when new pictures where added -> but also good option to see if it works /wink.gif' class='bbc_emoticon' alt=';)' />

#20   Rezolles_Net

Rezolles_Net
  • Members
  • 201 posts
  • Real Name:Rezolles
  • Location:Malaysia

Posted 07 August 2006 - 05:49

Just think before writing /ohmy.gif' class='bbc_emoticon' alt=':o' />

I got the same error as Rezolles_net -> Here's the working solution!

1. DON'T create the file sitemonitor_reference.php manually!! you already did? delete it!
2. chmod your admin directory with 777 but DON'T chmod the files within! just the directory!
3. run the script to generate the sitemonitor_reference.php
4. use the script regular as cronjob and watch bad things happen /wink.gif' class='bbc_emoticon' alt=';)' />

if you use daily automated updates for products, you may add "images" folder to exclude list or you will get mails every day when new pictures where added -> but also good option to see if it works /wink.gif' class='bbc_emoticon' alt=';)' />


Thanks..it's working

Lol...you have to update your instructions... /pinch.gif' class='bbc_emoticon' alt='>_<' />