Posts posted by sijo


  1. Hi Sijo,

     

    Hope all is excellent with you.

     

    The mod works great (Thanks very much!) on hosted sites. However using a local machine with xampp, php 5.3, VTS 1.0.8,

    and windows xp,

    getting this when running ocVTS:

     

    Fatal error: Virus.def vulnerable to overwrite, please change permissions in C:\server\xampp\htdocs\public_html\renamed ADMIN FOLDER\AV\ocVTS.php on line 78

     

    I have never tested it on a local machine and I don't have the possibility to do it either. I don't think I can help you with this, sorry...

    You could try to comment out these two lines like this:

    //if (!check_defs('virus.def'))
    //trigger_error("Virus.def vulnerable to overwrite, please change permissions", E_USER_ERROR);
    


  2. Hi Sijo!

     

    Just installed your latest version of VTS and got this... should any of these be a concern to me? I just cleaned up a bunch of suspected infected files which I compared to an original copy of my catalog store which were not there before.

     

    First: You should not list your serverpath in public like you did here.

     

    Since I don't know the add-ons you are using, you have to compare the reported files with your original ones to see if there are any diffs or maybe files that should not be there.

     

    Files reported in ocVTS' folder AV are ok..

     

    And you should rename your admin dir.


  3. Thanks for your swift response.

     

    Could you explain why error_reporting(0

    is considered a threat?

     

    Also once you check a file, is there a way to mark

    that particular line as safe for future scans?

     

    jk

     

    Q1: It's a 'nota bene' because some unfriendly scripts could turn off error reporting for some reason..

    Q2: It could be done, but I don't have the time to look into it now...


  4. Thank you for the well-designed component.

    (using v1.0.8 and rc2a)

    Not sure about the error messages and how to

    determine what's ok.

     

    Specifically:

    eval(base64_decode

    error_reporting(0)

    eval( )

    iframe

    shell_exec

    htaccess (User Agent <=> EmailSiphon )

    passthru

     

    Are there any pointers/guidelines to help

    identify the good from the good-bye.

     

    Thanks for any insight.

    jk

     

    You have to check against the original osC (or add-ons) files if you are uncertain...


  5. Yep, you're right. It is the same mistake as before but in a different file. To fix it, edit sitemonitor_admin.php and change

      $admin = trim(DIR_WS_ADMIN, '/');
     if ($admin === 'admin') {

    to

      $adminSM = trim(DIR_WS_ADMIN, '/');
     if ($adminSM === 'admin') {

     

    Thanks, now it's right..:)


  6. Hi Chris,

     

    I have Online Merchant osCommerce Online Merchant v2.2 RC2

    I don't use any different template. I just modified the main css and images. I don't modify php code because I'm not able to do it without help.

     

    Anywhere, the code is:

     

    from line 750 to 839

     

     

    This is what you have in your code:

    <?php
    }
    <!-- Simple multi image addon -->
    <tr><td>Additional Images:</td><td class="main" colspan="3"><table summary=""><tr>
    

     

    And it should be: (diff on line 3 here)

    <?php
    }
    ?>
    <!-- Simple multi image addon -->
    <tr><td>Additional Images:</td><td class="main" colspan="3"><table summary=""><tr>
    


  7. Hmm, strange. I just checked and the fix I previously posted for that is in the new file so I don't see how that is happening. Is the problem still in the configure section? Is the code I posted for the fix in your file?

     

    It happens when I click the "Sitemonitor" menu button now. (Before I press Configure).

    And yes, the code for the fix ($adminSM) is in my file.


  8. My Sitemonitor is working ok, but I wonder why this is happening:

     

    In osC admin panel to the right of the top menubar it says: (I have changed my username here)

    Logged in as: steini (Logoff)

     

    But after clicking Sitemonitor -> Configure this is what it says:

    Logged in as: c (Logoff)

     

    And stays that way until I close the admin panel and restart it again.

    Why is Sitemonitor changing the username info on that line?


  9. Thanx for quick reply! Hey this is the result from OcVTSa :

     

    osCommerce VTSa v1.0.8

    Directory depth set to 100

    Directory root: /home/xvzhxrwy/public_html/shop

     

    /home/xvzhxrwy/public_html/shop/images/.sys.php...SUSPECTED (eval/base64_decode found) on line: 4

    is eval/base64 dangerous?

     

     

    It could be, but it is also used in some code. You should compare the suspected file with a safe copy of the same file to see if this is right.

    In your case there is a .sys.php file in your images directory. Normally there should NOT be any php files in your images directory.

     

    BTW: You should NOT list your full path here in open forums as you did above. There could be hackers in here, and now they know where to go on your site. Also: Rename your admin dir, and please read this How to secure your site
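
The check discussed in the replies above (the keywords asked about in post 4 and the `.sys.php` finding in post 9), as an added example that is not part of the original posts and is not ocVTS's own code. The function name `scan_tree`, the regular expressions and the sample tree are assumptions made for the example.

```php
<?php
// Added example, not ocVTS code. Patterns are the ones named in this thread;
// the most specific one is listed first so it wins.
const SUSPECT_PATTERNS = [
    'eval/base64_decode found' => '/eval\s*\(\s*base64_decode\s*\(/i',
    'eval found'               => '/\beval\s*\(/i',
    'error_reporting(0) found' => '/error_reporting\s*\(\s*0\s*\)/i',
    'shell_exec found'         => '/\bshell_exec\s*\(/i',
    'passthru found'           => '/\bpassthru\s*\(/i',
    'iframe found'             => '/<iframe\b/i',
];

// $noPhpDirs: top-level folders that should hold no PHP at all (assumption).
function scan_tree(string $root, array $noPhpDirs = ['images']): array
{
    $findings = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if (!$file->isFile() || !preg_match('/\.(php\d?|phtml)$/i', $file->getFilename())) {
            continue;
        }
        $path = $file->getPathname();
        $rel  = ltrim(str_replace('\\', '/', substr($path, strlen($root))), '/');
        if (in_array(explode('/', $rel)[0], $noPhpDirs, true)) {
            $findings[] = [$rel, 0, 'PHP file where none belongs'];
        }
        foreach (file($path, FILE_IGNORE_NEW_LINES) ?: [] as $n => $line) {
            foreach (SUSPECT_PATTERNS as $why => $re) {
                if (preg_match($re, $line)) {
                    $findings[] = [$rel, $n + 1, $why];
                    break;
                }
            }
        }
    }
    return $findings;
}

// Constructed sample tree in a temp dir; the files are only read, never run.
$root = sys_get_temp_dir() . '/vts_demo_' . uniqid();
mkdir("$root/images", 0700, true);
mkdir("$root/includes", 0700, true);
file_put_contents("$root/images/.sys.php", "<?php\n// constructed\n\neval(base64_decode('PLACEHOLDER'));\n");
file_put_contents("$root/includes/ok.php", "<?php\necho 'hello';\n");

foreach (scan_tree($root) as [$rel, $line, $why]) {
    echo $line ? "$rel...SUSPECTED ($why) on line: $line\n" : "$rel...$why\n";
}
```

A keyword hit only marks a line for review; the file still has to be compared with a known-good copy, as the replies say.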


  10. Here is what I have:

     

    $CONFIG['scanpath'] = $_SERVER['public_html']."/shop";

     

    Should I replace 'public_html' ? My document root is /home/username/public_html/shop/

     

    Does the result from the OcVTSa scan mean everything is OK? Please guide me.

     

    If you want to scan from /shop then use:

    $CONFIG['scanpath'] = $_SERVER['DOCUMENT_ROOT']."/shop";
    

     

    If you want to scan from your site root, then use:

    $CONFIG['scanpath'] = $_SERVER['DOCUMENT_ROOT'];
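
Why the `public_html` setting produces the `opendir(/shop)` warning quoted in this thread, and a way to validate the scan path before scanning. This is an added example, not part of the original posts or of ocVTS; `resolve_scanpath()` is a hypothetical helper and the temp directory is a constructed stand-in for a real document root.

```php
<?php
// Added example, not ocVTS code; resolve_scanpath() is a hypothetical helper.
function resolve_scanpath(array $server, string $subdir = ''): string
{
    // 'DOCUMENT_ROOT' is a real $_SERVER key; 'public_html' is not, so
    // $_SERVER['public_html'] . "/shop" evaluates to just "/shop".
    $docroot = $server['DOCUMENT_ROOT'] ?? '';
    if ($docroot === '') {
        throw new RuntimeException('DOCUMENT_ROOT is empty (command-line run?)');
    }
    $root = realpath($docroot);
    $path = realpath($docroot . $subdir);
    if ($root === false || $path === false || !is_dir($path)) {
        throw new RuntimeException("scanpath not found: $docroot$subdir");
    }
    // Refuse a path that resolves outside the document root (e.g. via "..").
    if ($path !== $root && strpos($path, $root . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException("scanpath outside document root: $path");
    }
    return $path;
}

// Constructed stand-in for $_SERVER so the example runs from the command line.
$docroot = sys_get_temp_dir() . '/docroot_' . uniqid();
mkdir("$docroot/shop", 0700, true);
$server = ['DOCUMENT_ROOT' => $docroot];

echo 'wrong key gives: ', ($server['public_html'] ?? '') . '/shop', "\n";
echo 'scan from /shop: ', resolve_scanpath($server, '/shop'), "\n";
echo 'scan from root:  ', resolve_scanpath($server), "\n";
try {
    resolve_scanpath($server, '/store');
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```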
    


  11. Warning: opendir(/shop) [function.opendir]: failed to open dir: No such file or directory in /home/xvzhxrwy/public_html/shop/admin/AV/ocVTSa.php on line 255

     

     

    Files checked: 0

    Files suspected: 0

    Files infected: 0

    Files cleaned: 0

    Clean errors: 0

    Clean warnings: 0

     

     

    What Did I do wrong in Installation process?

     

    What do you have in config.php for this? :

    $CONFIG['scanpath'] =
    


  12. My website has been hacked and I have found a number of infected files thanks to VTS.

     

    I do have an issue though. I am not able to load my website using the Internet Explorer browser; my Kaspersky virus check comes up with an 'Access Denied' message and indicates my website is infected by HEUR:Trojan.Script.Iframer

     

    On Chrome and Firefox there is no message and the website loads OK

     

    I have read about false positives when using Kaspersky. Is there any guidance you can give me on how to proceed?

     

    Do you have a link to your site I could try?

    You could replace all infected files with safe ones, but:

    The best way is to clean your site and then upload it from a safe backup.

    Read the How to secure your site to be sure you have done what's needed to have a secure site..


  13. I'm assuming that I have a setting wrong somewhere. My root isn't in public_htm but in htdocs, is that correct?

     

    My settings in whitespace.php are:

     

    $ftp_site = 'www.mywebsite.co.uk'; // your ftp site

    $ftp_usr = 'mywebsite.co.uk'; // your ftp username

    $ftp_pwd = 'password'; // your ftp password

    $ftp_root = 'htdocs'; // your ftp site root folder

     

    The problem has to do with whitespace checking. Try to turn this off in whitespace.php :

    // check for leading & trailing whitespace:
    //$chk_ws = true;  // ON
    $chk_ws = false;  // OFF
    
    // remove leading & trailing whitespace if found (if set to true, $chk_ws also need to be true!):
    //$rmv_ws = true;  // ON
    $rmv_ws = false;  // OFF
    

     

    When you run ocVTS it will list your 'Scan root:' near the top. What does it say?

     

    $ftp_site, $ftp_usr and $ftp_pwd should be the same as when you FTP (upload) files to your site.


  14. Thank you for your reply.

     

    I have installed all the files in accordance with your instructions including the ocVTS file but can not see any reference to "Virus & Threat Scan" in Admin.

     

    Can you list here your admin/includes/header.php file..


  15. Hi SIJO

     

    I am driving myself crazy looking for the double // but I cannot find them. I also found more instances of the // thing, so something is obviously wrong here.

    Since I don't have your source, I can't tell you where it is. You have to search your files for keywords to find it..

    Also look in your catalog/includes/configure.php file..

     

    And now Discobob83 says he has this in his sts-templates.html:

     

    <div id="website_name"><?php echo STORE_NAME; ?></div>

     

    which I also do not seem to have.

     

    Again, search your files for website_name ..

    (Your Dynamenu is working so you don't really need to search for it..)


  16. Thanks for the contribution. It was working great. Now I am facing a problem. I recently the SiteMonitor contribution (http://www.oscommerce.com/community/contributions,4441). When I try to go into the sitemonitor configuration in the shop's admin panel, my IP is banned in the htaccess file. I see this error:

     

    Forbidden!
    403 Permission Denied
    Your IP is banned or file is forbidden
    You do not have permission for this request
    

    I do not know what addons you are using that is reporting this, but it is not ocVTS.

    I'm sorry, but I can't help you with this..


  17. Thank you. Great work.

    All the problems that I was having are solved.

    Glad to hear it works

     

    It might be very presumptuous of me but I have two suggestions.

    I do not have any idea how hard or easy it is going to be, but if you could add a replace to the grep.php

    so once the keyword is found it can replace it.

    I don't think I would do that with ocVTS, but you can use this program for that.

     

    Also, if it is possible to use application_top.php:

    I have my admin area require login and that would put these files behind the login.

     

    ocVTS is for admin use and not for users, that's why it is placed inside admin. (If I understand your question right?)
