  1. GwilliamP

    Htaccess not blocking private IP addresses?

    Thank you. changed to so will monitor for a while to see. Apache - no idea or how to find out. Linux 4.9.166kvmcap, PHP Version: 5.3.29. Unable to match "mod_access_compat" in the server info page. If your suggestion does not work I will take your advice and look for a more appropriate forum.
  2. Yes it is an old site (osCommerce Online Merchant v2.2 RC2a). I am trying to block 10.x.x.x addresses. This is a hosted site so maybe from internal addresses on the hosting system? In the domain root is the htaccess file, with permissions set to 755, which contains the following; <snip> order allow,deny deny from deny from deny from deny from deny from <snip> allow from all <snip> But I am still seeing 10.x.x.x entries. I have tried quite a few variants of the "deny from" line from a simple "10" to what is there now. Am I missing something simple or just being dumb?
  3. Could I also ask for the code you mentioned as I have a couple of RC2A sites I would like this on? Thanks, Paul.
  4. GwilliamP


    Can anyone help with a script problem? I have set up cron jobs to run sitemonitor.php (permissions set to 744) for each domain daily. The report is emailed to me. Today the reports contained a list of files as below.

    ```
    Found a new file named shop/admin/fckeditor/editor/css/index.php
    Found a new file named shop/admin/includes/boxes/index.php
    Found a new file named shop/admin/includes/local/index.php
    Found a new file named shop/googlesitemap/Google-XML-Sitemap-Feed/index.php
    Found a new file named shop/googlesitemap/media/index.php
    Found a new file named shop/images/default/index.php
    Found a new file named shop/images/infobox/index.php
    Found a new file named shop/includes/local/index.php
    ```

    This was going to take a while to delete manually using FileZilla so I decided to write a script as follows.

    ```sh
    rm /home/www/<mydomain>/shop/admin/includes/boxes/index.php
    rm /home/www/<mydomain>/shop/admin/includes/functions/index.php
    rm /home/www/<mydomain>/shop/admin/includes/languages/english/modules/index.php
    rm /home/www/<mydomain>/shop/admin/sitemonitor_log_022_12_2012.txt
    rm /home/www/<mydomain>/shop/admin/sitemonitor_log_023_12_2012.txt
    rm /home/www/<mydomain>/shop/admin/sitemonitor_log_024_12_2012.txt
    rm /home/www/<mydomain>/shop/admin/sitemonitor_log_025_12_2012.txt
    rm /home/www/<mydomain>/shop/admin/sitemonitor_log_026_12_2012.txt
    rm /home/www/<mydomain>/shop/admin/sitemonitor_log_027_12_2012.txt
    # path contains spaces, so it must be quoted
    rm "/home/www/<mydomain>/shop/Images/Seed and Bugle/Mixed/index.php"
    rm /home/www/<mydomain>/shop/webim/js/source/index.php
    ```

    Unfortunately each line returned an error as follows

    ```
    rm: cannot remove `/home/www/<mydomain>/shop/admin/fckeditor/editor/_source/internals/index.php\r': No such file or directory
    ```

    I had used ConTEXT as the editor which has never caused issues before yet running the script appears to have appended \r to each line. I viewed it in vi and could see no odd characters so believe it is 'clean'. Any ideas?
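The `\r` at the end of the path in the error above is a carriage return: the script was saved with Windows (CRLF) line endings, so `rm` was handed a filename ending in that character. As an added example (not part of the original post), a POSIX shell sketch that detects CRLF in a list of paths and deletes the listed files one quoted path per line; the function names and the list-file format are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. The list file holds one path
# per line; function names and file layout are assumptions.

# has_crlf FILE: succeed if any line in FILE ends with a carriage return.
has_crlf() {
    cr=$(printf '\r')
    grep -q "${cr}\$" "$1"
}

# remove_listed LIST: delete each regular file named in LIST.
# A trailing CR is stripped, blank lines are skipped, and every path is
# quoted so names containing spaces are handled as one argument.
# Prints the number of files removed.
remove_listed() {
    removed=0
    cr=$(printf '\r')
    while IFS= read -r path || [ -n "$path" ]; do
        path=${path%"$cr"}
        [ -n "$path" ] || continue
        if [ -f "$path" ]; then
            rm -- "$path" && removed=$((removed + 1))
        else
            printf 'skipped (not a regular file): %s\n' "$path" >&2
        fi
    done < "$1"
    printf '%s\n' "$removed"
}
```

Vim hides the carriage returns when it detects a DOS-format file, which is why the script can look clean in the editor; `has_crlf` makes the check explicit before anything is deleted.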
  5. @Mention Thank you for that. 6/7 are in catalog/includes/google/src which appears to contain a lot of irrelevant files. Is catalog/includes/google even needed? I have managed to eventually get the login.php to show/use the buttons by moving the code below

    ```php
    <tr>
      <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
        <tr>
          <td class="main" width="50%" valign="top"><b><?php echo HEADING_NEW_CUSTOMER; ?></b></td>
          <td class="main" width="50%" valign="top"><b><?php echo HEADING_RETURNING_CUSTOMER; ?></b></td>
    <?
    ```

    Unfortunately checkout_shipping.php is causing problems as 2.2 RC2a does not contain any of the code referred to in the instructions. I gather the new code is an account verification/redirection but, as my PHP is not at all good, am not sure where to insert the new code. I am pretty sure it needs to go in the following section. Can I be cheeky and ask how :blush:

    ```php
    require('includes/application_top.php');
    require('includes/classes/http_client.php');

    // if the customer is not logged on, redirect them to the login page
    if (!tep_session_is_registered('customer_id')) {
      $navigation->set_snapshot();
      tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
    }

    // if there is nothing in the customers cart, redirect them to the shopping cart page
    if ($cart->count_contents() < 1) {
      tep_redirect(tep_href_link(FILENAME_SHOPPING_CART));
    }

    // if no shipping destination address was selected, use the customers own address as default
    if (!tep_session_is_registered('sendto')) {
      tep_session_register('sendto');
      $sendto = $customer_default_address_id;
    } else {
      // verify the selected shipping address
      if ( (is_array($sendto) && empty($sendto)) || is_numeric($sendto) ) {
        $check_address_query = tep_db_query("select count(*) as total from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int)$customer_id . "' and address_book_id = '" . (int)$sendto . "'");
        $check_address = tep_db_fetch_array($check_address_query);

        if ($check_address['total'] != '1') {
          $sendto = $customer_default_address_id;
          if (tep_session_is_registered('shipping')) tep_session_unregister('shipping');
        }
      }
    }

    require(DIR_WS_CLASSES . 'order.php');
    $order = new order;
    ```

    Thanks, Paul.
  6. Sorry for the double post but this issue has come up after creating both APIs. I am running 2.2 RC2a so will it work at all? If so, which query is suitable? Thanks (again), Paul.
  7. I am in the process of installing this for the first time by loading it into my sandbox.
  8. GwilliamP


    As I have previously stated, this is one of the best 'peace of mind' contributions I have running. Unfortunately one of my less important domains is regularly hit by script kiddies dropping PHP files and other into the store/images folder. I confess that I do not have all available security addons installed but have changed every password including FTP and SSH without success. Without Site Monitor running as a CRON job I could have a lot of problems.

    Cleaning up after the nuisances was a pain! I eventually tired of FTP deleting the junk so slowly evolved the following that may be of use to anyone in a similar situation.

    I added a .htaccess file in the store/images folder to block running the files. That blocks anything other than dropping the file there in the first place. DO THIS even if you do nothing else below.

    I then created (from Googling a lot of PHP forums etc.) a method of deleting the offending files. Once proven to work I cleaned it up and added it to whos_online.php which I always have loaded. It is fast and with whos_online.php refreshing at 30 second intervals should mean that any script kiddy is unable to run anything from the store/images folder so should give up quite quickly.

    How to install.

    Create a .htaccess file in the store/images folder containing the following

    ```apache
    # $Id$
    #
    # This is used to restrict access to this folder to anything other
    # than images

    # Prevents any script files from being accessed from the images folder
    <FilesMatch "\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$">
    Order Deny,Allow
    Deny from all
    </FilesMatch>
    ```

    Create a clean-images.php file in store/admin/includes/functions containing the following

    ```php
    <?php
    /*
      $Id: clean-images.php 10-09-2012 Paul Gwilliam
    */

    // Delete every file in the current directory that matches $mask and
    // report the name, size and modification time of each one.
    function clean_images($mask) {
      $files = glob($mask);
      // glob() returns false on error, so only loop over a non-empty array
      if (is_array($files) && count($files) > 0) {
        foreach ($files as $filename) {
          // the name is chosen by whoever dropped the file, so escape it before output
          $safe_name = htmlspecialchars($filename);
          if (file_exists($filename)) {
            echo "<p><b>$safe_name</b> size " . filesize($filename) . " Date/Time " . date("d-m-Y H:i:s.", filemtime($filename)) . "</p>";
            chmod($filename, 0666);
            if (unlink($filename)) {
              echo "<p><font color=#00ff00>The file was deleted successfully.</font></p><p><hr></p>";
            } else {
              echo "<p><font color=#ff0000>There was an error trying to delete the file.</font></p><p><hr></p>";
            }
          } else {
            echo "<p>****** The file $safe_name does not exist ****** </p>";
          }
        }
      } else {
        echo "<p><font color=#00ff00>****** No " . $mask . " files found to delete ******</font></p>";
      }
    }
    $mask = "";
    ?>
    ```

    Now open your store/admin/whos_online.php and look for

    ```php
        </table>
        </td>
    <?php
      $heading = array();
      $contents = array();

      $heading[] = array('text' => '<b>' . TABLE_HEADING_SHOPPING_CART . '</b>');
    ```

    Add the following before the </table>

    ```php
        <tr>
          <td class="smallText" colspan="9">
    <?php
    // Begin Clean Images Folder (uses includes/functions/clean-images.php)
      // load the function before changing directory
      require_once('includes/functions/clean-images.php');
      $path_to_file = "../images";
      chdir($path_to_file);
      $mask = "*.php";
      clean_images($mask);
      $mask = "*.cgi";
      clean_images($mask);
      $mask = "*.pl";
      clean_images($mask);
      $mask = "*.html";
      clean_images($mask);
      $mask = "*.shtml";
      clean_images($mask);
      $path_to_file = "../admin";
      chdir($path_to_file);
    // End Clean Images Folder
    ?>
          </td>
        </tr>
    ```

    This can easily be modified to add other file types if desired. If you have found the correct placing it should add the output just after the section that informs you of your IP address. Test it by FTPing a few PHP or other files into your store/images folder.

    Suggestions on how to block the offending files being added in the first place would be welcome by PM as I do not wish to clutter this thread with irrelevant chatter.
  9. GwilliamP


    Thank you for that. All working nicely now. In case anyone else wants a working copy.

    ```php
    <?php
    /*
      $Id: sitemonitor-CRON.php,v 1.0 31-07-2112 by Paul
      Purpose - Run runSitemonitor function twice, once for each config, with delay between
    */
    require('includes/functions/sitemonitor_functions.php');

    echo "Setting variables for config 0";
    $instance = '0';
    $logFile = 'sitemonitor_log' . '_' . $instance . '.txt';
    $referenceFile = 'sitemonitor_reference' . '_' . $instance . '.txt';
    echo "RUNNING config 0";
    require('sitemonitor_configure' . '_' . $instance . '.txt');
    runSitemonitor($referenceFile, $logFile, $verbose);

    echo "Sleep";
    sleep(60);

    require('sitemonitor_configure_1.txt');
    echo "Setting variables for config 1";
    $instance = '1';
    $logFile = 'sitemonitor_log' . '_' . $instance . '.txt';
    $referenceFile = 'sitemonitor_reference' . '_' . $instance . '.txt';
    echo "RUNNING config 1";
    require('sitemonitor_configure' . '_' . $instance . '.txt');
    runSitemonitor($referenceFile, $logFile, $verbose);

    echo "FINISHED";
    ?>
    ```

    The results are emailed as per usual. I would recommend removing or commenting out the debugging echo lines once you have tested it.
  10. GwilliamP


    Why is it that the simple things in life often turn out to be complicated? Taking your advice above I decided to write a simple .php file for CRON to run. The file, in theory, runs each config in turn.

    ```php
    <?php
    /*
      $Id: sitemonitor-CRON.php,v 1.0 31-07-2112 by Paul
      Purpose - Run runSitemonitor function twice, once for each config, with delay between
    */
    require('includes/functions/sitemonitor_functions.php');

    echo "Setting variables for config 0";
    $instance = '0';
    $logFile = 'sitemonitor_log' . '_' . $instance . '.txt';
    $referenceFile = 'sitemonitor_reference' . '_' . $instance . '.txt';
    echo "RUNNING config 0";
    runSitemonitor($referenceFile, $logFile, $verbose);

    echo "Sleep";
    sleep(60);

    echo "Setting variables for config 1";
    $instance = '1';
    $logFile = 'sitemonitor_log' . '_' . $instance . '.txt';
    $referenceFile = 'sitemonitor_reference' . '_' . $instance . '.txt';
    echo "RUNNING config 1";
    runSitemonitor($referenceFile, $logFile, $verbose);

    echo "FINISHED";
    ?>
    ```

    The echo statements are purely for debugging. After uploading I entered the URL in the browser expecting to see the echo lines appear one at a time. The page blanked and eventually came back with I checked the logs but nothing was updated. I did not get either of the expected emails. Am I missing something obvious? As this is a bit off topic I do not mind if you do not wish to deal with this.
  11. GwilliamP


    Hi, A CRON related request but I am not sure if it belongs here or on a completely different forum about server management. I have successfully installed/configured this on 2 domains on the same hosting account. I have set up 2 CRON jobs that run once a day. One of my stores now has such a huge number of images that I am encountering time-outs. I have tested running two configs. One for the main osC excluding images, the other for images only. Works like a charm.

    Now my problem - I am limited to 2 CRON jobs only. Splitting one domain as above means I want to run three CRON jobs. I am thinking of putting the commands into a script file and just running the script as a single CRON job.

    ```
    /home/www/domain1.com/shop/admin/sitemonitor.php 0
    /home/www/domain2.com/shop/admin/sitemonitor.php 0
    /home/www/domain2.com/shop/admin/sitemonitor.php 1
    ```

    I have 2 questions; Is this viable? Is there a way of adding a delay between the execution of each line? If not appropriate here, could you recommend a suitable forum?

    P.S. I can't thank you enough for the peace of mind this brings me each morning. Occasionally the lesser important domain gets a .php file dumped in the images folder but that is protected by a run block in .htaccess so I just delete it. This contribution alone has reduced my stress/worry level no end.
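The `glob()`-based clean-up in the `clean-images.php` post above only looks at the top of the images folder, while the Site Monitor report quoted on this page lists `index.php` files in subfolders such as `shop/images/default/`. As an added example (not part of the original posts), a cron-friendly shell function that searches recursively for the extensions named in that post's `FilesMatch` rule and moves matches to a quarantine directory outside the web root instead of deleting them; the directory arguments and the `.quarantined` suffix are assumptions.

```shell
#!/bin/sh
# Added example, not from the original posts. Directory names and the
# ".quarantined" suffix are assumptions.

# quarantine_scripts IMAGES_DIR QUARANTINE_DIR
# Moves every file under IMAGES_DIR whose name ends in one of the script
# extensions out of the web root, keeping it for later investigation.
# Prints the number of files moved. Paths containing newlines are not
# supported by this line-based loop.
quarantine_scripts() {
    src=$1
    dest=$2
    moved=0
    mkdir -p "$dest" && chmod 700 "$dest" || return 1
    list=$(mktemp) || return 1
    # Same extension list as the page's FilesMatch pattern, matched
    # case-insensitively so differently-cased names are also caught.
    find "$src" -type f \
        | grep -Ei '\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$' > "$list" || true
    while IFS= read -r f; do
        # Fold the relative path into the name so files from different
        # subfolders cannot overwrite each other in quarantine.
        rel=${f#"$src"/}
        name=$(printf '%s' "$rel" | tr '/' '_')
        target="$dest/$(date +%Y%m%d%H%M%S).$name.quarantined"
        if mv -- "$f" "$target"; then
            chmod 400 "$target"   # read-only, never executable
            moved=$((moved + 1))
        fi
    done < "$list"
    rm -f "$list"
    printf '%s\n' "$moved"
}
```

A non-zero count is worth alerting on: it means files are still being written into the folder, which the `.htaccess` run block does not prevent.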
  12. GwilliamP

    Automatically send data feed to Froogle

    FTP upload (V3) problem - probably a Google issue. Up to now I have been manually down/up loading my products file. I had not previously set up an FTP account. When I saw that V3 was announced I decided to bite the bullet and upgrade and also use FTP to simplify the process. Unfortunately the FTP side of things does not seem to be working. Here is what I have done so far.

    - Upgrade to V3 (using DiffMerge to identify and migrate the settings to the new googlefeeder.php)
    - Run a manual check to verify it is working "Create and do not upload a GoogleBase datafeed"
    - Create an FTP account with Google (http://www.google.co.uk/merchants/ftpsettings)
    - Wait 24 hours even though it stated only 15 minutes for account to become live
    - Run Create and Upload a GoogleBase datafeed - no sign of errors, usual results page displayed
    - Wait 24 hours even though a manual upload is processed within an hour or so
    - Check the Google Merchant Centre Dashboard to see the current products status - STILL showing expiring products!
    - Open a browser page for ftp://uploads.google.com/ - no file
    - Access ftp://uploads.google.com/ with FileZilla to verify above - no file
    - Manually FTP (FileZilla) upload the file. Transfer without errors but no file appeared at Google's end?

    No matter what I do I can not see a file at ftp://uploads.google.com/. No errors, just no file! One odd thing I did notice was a 'sort of' error from the FileZilla upload log

    ```
    Status: File transfer successful, transferred 1,829,630 bytes in 39 seconds
    Status: Retrieving directory listing...
    Command: TYPE I
    Response: 200 Type set to I.
    Command: PASV
    Response: 227 Entering Passive Mode (72,14,245,21,4,82)
    Command: LIST
    Response: 150 Opening BINARY mode data connection for directory listing.
    Status: Invalid character sequence received, disabling UTF-8. Select UTF-8 option in site manager to force UTF-8.
    Response: 226 Transfer complete.
    Status: Directory listing successful
    ```

    I am unsure about the UTF-8 message though the final result is a transfer and listing success. Where is the file? Does anyone have any suggestions for the next step in debugging or fixing this?
  13. GwilliamP

    Automatically send data feed to Froogle

    The UPI is a UNIQUE (global) code for your product. Bar Code number etc. Google Info Page. If your products have one then it needs to be included. My products never will so I contacted Google and got an exception which allowed the products to be listed and searchable. Exception Request Page. This is not best practice but got my products back in the listings.
  14. GwilliamP


    Thank you. File deleted and new reference file(s) created.
  15. GwilliamP


    "WARNING: Database tables have changed." After uploading new images and products to the store I decided to run "Delete Reference File" so that daily monitoring emails from a CRON job would only report valid changes. On opening the Site Monitor Admin page there was a Red line across the top of the page stating the above. I downloaded a database backup and, using DiffMerge, compared it with the latest weekly backup I had stored locally. DiffMerge shows a huge number of differences but, as far as I can see, they all relate to normal activity such as new customer details, shopping cart content, orders, new products and associated entries in categories etc. None of the Site Monitor text files on the server appear to contain any information to help me discover where the offending change might be. Am I missing something? I could edit the backup files to remove all field data leaving the Drop Table/Create Table info to see if the structure has been tampered with but that is a big job I would prefer to avoid if possible as I am up to my neck in day to day stuff as it is. Is there a way of determining what Site Monitor perceives as the change? [Edit] I just checked the Site Monitor configuration and logging is enabled but looking at the log the only occurrences of the term 'database' relate to PHP files. [/Edit] Does anyone have any suggestions on how to deal with this situation.