2042 replies to this topic

[Jack_mcs]

dvharrison, on 30 January 2012, 14:41, said:

Hi I have just installed this add-on using XAMPP on localhost. I have got to configure and changed the email address. the curl username and password has been removed as I'm not using this.

Anyway I get to update and at the top of the screen I get the error pink stripe and the warning sign but no message. When I get to Sitemonitor > Configure, I get a warning
saying The sitemonitor_reference file cannot be written to.

This is a permissions problem. You have to allow files the files in admin write permissions. This is nomally the case in Xampp but maybe you have something different in your setup.

Quote

I also get the following mesaage in Administrators:

This isn't anything to do with SiteMonitor. It is a security option in 2.3. If you search the forums for it, you will find how to use it, though it is not necessary when using a local setup.

Quote

I also get a note on the SiteMonitor admin page :
Which leads me to a 2.2 add-on.

Version Checker isn't required, though it is recommended. It will run on any version and the installation requires two files to be uploaded - nothing else.

[Jack_mcs]

dvharrison, on 30 January 2012, 14:43, said:

Hi Adamanto75

You need to add the line on step 4 before the first


I know because I initially made that error as well. :)

The instruction says

Quote

If your shop is AFTER version 2.3, add this before the first ?>

Please explain how that is incorrect.

Edited by Jack_mcs, 30 January 2012, 16:25.

[razeryokes]

Hi Jack_mcs,

I found a typo in your last version of the contribution (3.1)

In the file /UpdateDocs/update_V_2.9_to_V_3.0.txt

I think that the line:
"4) In any sitemonitor_log....txt files, find the line that starts with"

should be replaced by
"4) In any sitemonitor_configure_....txt files, find the line that starts with"


Thank you to anyone that contributes to OSCommerce. I was a complete newbie two months ago and all the available info/discussions really helped me.

[Jack_mcs]

razeryokes, on 31 January 2012, 00:53, said:

Hi Jack_mcs,

I found a typo in your last version of the contribution (3.1)

In the file /UpdateDocs/update_V_2.9_to_V_3.0.txt

I think that the line:
"4) In any sitemonitor_log....txt files, find the line that starts with"

should be replaced by
"4) In any sitemonitor_configure_....txt files, find the line that starts with"


Thank you to anyone that contributes to OSCommerce. I was a complete newbie two months ago and all the available info/discussions really helped me.

Thank you for posting that mistake. I have made the correction.

[globalvision]

Công Ty TNHH Tầm Nhìn Toàn Cầu, Cung cấp thiết bị, giải pháp mã số mã vạch cho ngành bán lẻ, nhà hàng, siêu thị, trung tâm thương mại...

www.globalvision.com.vn

,

www.vinapos.com.vn,

www.wincor.com.vn

Edited by globalvision, 31 January 2012, 06:19.

[dvharrison]

Jack_mcs, on 30 January 2012, 16:24, said:

The instruction says
Please explain how that is incorrect.

Jack you have completely the wrong end of the stick. The guy was asking why the box didn't show up and I merely told him about the mistake I had made which sounded similar to what I had done previously. It was no criticism on your part at all.

Thanks for your prompt reply on the other stuff.

[dvharrison]

I mean to what he had done previously.

[Jack_mcs]

dvharrison, on 31 January 2012, 10:49, said:

Jack you have completely the wrong end of the stick. The guy was asking why the box didn't show up and I merely told him about the mistake I had made which sounded similar to what I had done previously. It was no criticism on your part at all.

Thanks for your prompt reply on the other stuff.

I didn't take it as criticism. I read it as you saying the instructions were wrong and I was asking how so they could be corrected. Just a simple question.

[dvharrison]

No I'm not saying the instructions were wrong just that I couldn't read properly. ;)

I missed that all vital word First ?> and that was my error.

As for XAMPP setup, I honestly haven't changed permissions. On the configure files, these are easy to set to read only from Explorer but XAMPP does assume that everything is read/write.exe .
I googled it and someone suggested changing the file permissions using a terminal. Sadly the person failed to say what terminal!

Edited by dvharrison, 31 January 2012, 14:36.

[Jack_mcs]

dvharrison, on 31 January 2012, 14:31, said:

As for XAMPP setup, I honestly haven't changed permissions. On the configure files, these are easy to set to read only from Explorer but XAMPP does assume that everything is read/write.exe .
I googled it and someone suggested changing the file permissions using a terminal. Sadly the person failed to say what terminal!

You should post the question in the general forum since it isn't a SiteMonitor issue.

[dvharrison]

I didn't know the problem was until then. And this is the only instance where I've had a problem.

[mr_absinthe]

Jack, I've installed the latest version and this is what I see at the top:
[img]http://img1.absintheoriginal.cz/warning_image.jpg[/img]
I've double checked both image directories including subdirectories and found no non-image type files there.
 warning_image.jpg   18.07K   2 downloads

Edited by mr_absinthe, 01 February 2012, 09:55.

[Jack_mcs]

mr_absinthe, on 01 February 2012, 09:53, said:

Jack, I've installed the latest version and this is what I see at the top:
[img]http://img1.absintheoriginal.cz/warning_image.jpg[/img]
I've double checked both image directories including subdirectories and found no non-image type files there.
warning_image.jpg

Someone recently had this problem and posted a change to the code that allowed it to work for him. It seems there is a php compatibility problem or maybe a memory limit being reached due to nested calls. I think it was in the last page or two so it should be easy to find.

Edited by Jack_mcs, 01 February 2012, 13:06.

[mr_absinthe]

Thank you. I've found it and I've changed the following in sitemonitor_admin.php, from:

$invalidFiles = array_merge((array)glob(DIR_FS_CATALOG . DIR_WS_IMAGES . '*.php'),(array)glob(DIR_FS_CATALOG . DIR_WS_IMAGES . '*.txt'));
  if (!empty($invalidFiles)) {
	$messageStack->add(ERROR_IMAGES_HAS_PHP, 'error');
	foreach ($invalidFiles as $filename) {
	  echo $messageStack->add($filename);
	}
  }

to:

$invalidFiles = glob(DIR_FS_CATALOG . DIR_WS_IMAGES . '*.php');
  if(is_array($invalidFiles) && count($invalidFiles) > 0)
  {
		  $messageStack->add(ERROR_IMAGES_HAS_PHP, 'error');
   foreach($invalidFiles as $filename)
		  {
				echo $messageStack->add($filename);
		  }
  }
  $invalidFiles = glob(DIR_FS_CATALOG . DIR_WS_IMAGES . '*.txt');
  if(is_array($invalidFiles) && count($invalidFiles) > 0)
  {
		  $messageStack->add(ERROR_IMAGES_HAS_PHP, 'error');
   foreach($invalidFiles as $filename)
		  {
				echo $messageStack->add($filename);
		  }
  }

All is fine now, the message is gone, running fine on php 5.3.6

[RMD27]

when i click the configure button i get this


"Forbidden

You don't have permission to access /bad_conduct/ban.php on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request."

any tips?

[Jack_mcs]

RMD27, on 07 February 2012, 12:18, said:

when i click the configure button i get this


"Forbidden

You don't have permission to access /bad_conduct/ban.php on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request."

any tips?

That file isn't part of this contribution. 404 means a file could not be found. If that is due to SiteMonitor, then you'e probably made a mistake with the installation.

[RMD27]

Jack_mcs, on 07 February 2012, 13:16, said:

That file isn't part of this contribution. 404 means a file could not be found. If that is due to SiteMonitor, then you'e probably made a mistake with the installation.

About forbidden, its from this contribution XSS/ BAD BEHAVIOR BLOCK. I'm thinking SiteMonitor is doing something it doesn't like.

Would you know if this is correct and if so do you have any experience of this issue before? The admin part of SiteMonitor works fine but configure bit has this issue.

About the 404 issue, is it possible it is connected to this "forbidden" issue? If so Id like to find out what conflict there is between XSS and SiteMoniter, if any, and go from there

[RMD27]

now I get this - if someone can tell me what I need to temporarily do with XSS to get SiteMonitor to run it would be appreciated

Forbidden!

403 Permission Denied



Your IP is banned or file is forbidden
You do not have permission for this request

Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted

• This value may indicate an attempt to compromise our server security, such as a cross-site scripting attack.
  
• Please do not be alarmed: it is possible the suspected attempt was triggered innocently.
  
• Additionally, we will log your IP address, your request, and the date and time. This information is recorded for security purposes only.
  
• These disclosures may also be needed for data privacy or to investigate or respond to a complaint or security threat.

We do not claim any ownership of the content collected. This is done for purposes such as diagnosing service or technical problems, and maintaining server security.

[modem2.0]

Hi Jack,

I have just installed this contrib, however I can't configure it with the file sitemonitor_configure_setup.php, I'm having a 404 error.

When looking at the error log in my server I see the following:

[Tue Feb 14 16:43:41 2012] [error] [client 194.113.59.80] ModSecurity: Access denied with code 404 (phase 4). Pattern match "(?:(?:<title>[^<]*?(?:\\b(?:(?:c(?:ehennemden|gi-telnet)|gamma web shell)\\b|imhabirligi phpftp)|(?:r(?:emote explorer|57 ?shell)|aventis klasvayv|zehir)\\b|\\.::(?:news remote php shell injection::\\.| rhtools\\B)|ph(?:P(?:(?: commander|-terminal)\\b|remotev ..." at RESPONSE_BODY. [file "/etc/httpd/modsecurity.d/50_asl_rootkits.conf"] [line "102"] [id "390149"] [rev "16"] [msg "Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Backdoor access denied"] [data "r57shell"] [severity "CRITICAL"] [hostname "www.MYSERVER.com"] [uri "/admin/sitemonitor_configure_setup.php"] [unique_id "S-S5dn8AAAEAACqpNhgAAAAC"]

Any ideas?

Thanks in advance for any input!

[Jack_mcs]

modem2.0, on 14 February 2012, 16:48, said:

Hi Jack,

I have just installed this contrib, however I can't configure it with the file sitemonitor_configure_setup.php, I'm having a 404 error.

When looking at the error log in my server I see the following:

[Tue Feb 14 16:43:41 2012] [error] [client 194.113.59.80] ModSecurity: Access denied with code 404 (phase 4). Pattern match "(?:(?:<title>[^<]*?(?:\\b(?:(?:c(?:ehennemden|gi-telnet)|gamma web shell)\\b|imhabirligi phpftp)|(?:r(?:emote explorer|57 ?shell)|aventis klasvayv|zehir)\\b|\\.::(?:news remote php shell injection::\\.| rhtools\\B)|ph(?:P(?:(?: commander|-terminal)\\b|remotev ..." at RESPONSE_BODY. [file "/etc/httpd/modsecurity.d/50_asl_rootkits.conf"] [line "102"] [id "390149"] [rev "16"] [msg "Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Backdoor access denied"] [data "r57shell"] [severity "CRITICAL"] [hostname "www.MYSERVER.com"] [uri "/admin/sitemonitor_configure_setup.php"] [unique_id "S-S5dn8AAAEAACqpNhgAAAAC"]

Any ideas?

Thanks in advance for any input!

The 404 is a page not found. The error is a server error and seems to be saying it won't allow access since it has detected hacker code, which is in the configure file. You should double check the installation and if it is correct, with all files on the server, then ask your host to interpret that error.