Jump to content
Latest News: (loading..)
Jack_mcs

SiteMonitor

Recommended Posts

If someone is able to hack into your site, they can alter your files to send them your customers information. I've seen this happen several times, thus the genesis of this contribution. This contribution will create a record of your files so that they can be checked at a later date. If any files have been added or deleted, or the size, timestamp or permissions were changed, you are notified via email. The script can be ran manually, but the best way is to set up a cron job so that the files are checked automatically.

 

The contribution can be found here.

 

Jack

Edited by Jack_mcs

Share this post


Link to post
Share on other sites

I've installed this contribution.But getting this errors:

 

Warning: fopen(sitemonitor_reference.php): failed to open stream: Permission denied in /home/rezolles/public_html/admin/sitemonitor_functions.php on line 94

Warning: fwrite(): supplied argument is not a valid stream resource in /home/rezolles/public_html/admin/sitemonitor_functions.php on line 106
Cannot write to file (sitemonitor_reference.php)

 

Hope someone will solve my problems.

Share this post


Link to post
Share on other sites

It looks like a server setting is preventing the code from creating the file. If you haven't tried to run it manually, do that (http://www.yoursite.com/admin/sitemonitor.php). If it still can't write, ask your host to see what settings they have that is preventing it.

 

Jack

Share this post


Link to post
Share on other sites

So if you at some point change a file on purpose, will it email you everytime it checks or only the first time finds the mismatch?

 

Im assuming you could just delete the site_reference.php file after you add a new file to 'reset' what everything is compared to?

Share this post


Link to post
Share on other sites

No i didn't delete site_reference.php.

 

Any other solutions??I like this sitemonitor bcoz it can inform me if some "idiot" want to make my web upside down or stealing my customers informatios.

Share this post


Link to post
Share on other sites

Those are questions for the developer, not potential solutions for you. Not sure why you thought I was reffering to you.

Share this post


Link to post
Share on other sites
Hurrm...I getting this error when I was trying to execute the URL manually.
What does your host say about the error?

 

Jack

Share this post


Link to post
Share on other sites
So if you at some point change a file on purpose, will it email you everytime it checks or only the first time finds the mismatch?
It emails everytime.
Im assuming you could just delete the site_reference.php file after you add a new file to 'reset' what everything is compared to?
That is correct. I thought about adding an admin section that would allow you to recreate the reference file, set the path and so on but I was trying to keep it simple. If there are a lot of requests for that option, I will add that code.

 

Jack

Share this post


Link to post
Share on other sites

Jack,

 

Thanks for this contrib I installed it as soon as I found out about it. When I ran http://www.mysite.com/admin/sitemonitor.php a blank page shows I dont know if its supposed to do this or not thats why I am asking.

 

Also where you change the absolute path to your own

/home/bob/public_html/admin

change the setting to

/home/bob/public_html

I am assuming you only do this once.

 

Thank you,

Eric


Eric

 

Keep up on osCommerce changes and updates at

Github | Understand osCommerce a little further at OsCommerce Documentation | Copy and paste your error message in Google add "in osCommerce" at the end to get relevant answers to most issues.

Share this post


Link to post
Share on other sites

Jack,

 

Sorry I should have read the file a little better. I found that you had to change the 0 to a 1 to display the results on the page when you run it manually.

 

I get these results, are they good or bad?

No new files found...

No deleted files found...

Difference found: New-> error_log 7289753 Original-> 7275493

Time Mismatch on error_log Last Changed on Saturday, 05 Aug 2006 20:43:51 GMT

No permissions mismatches found...

Email sent to shop owner.

 

Thanks again,

Eric


Eric

 

Keep up on osCommerce changes and updates at

Github | Understand osCommerce a little further at OsCommerce Documentation | Copy and paste your error message in Google add "in osCommerce" at the end to get relevant answers to most issues.

Share this post


Link to post
Share on other sites

The error log changing is usually normal. It won't always change but could. It can probably be safely ignored since it is a write only file. If someone hacked your site and made code changes, it would be unlikely for them to change that file. Otherwise the results you got are what you want to se. To test it, try uploading some file to your shop. Be sure it is one you don't need. Maybe upload it as zzz.php. When the script runs again you should see that file in your message. Be sure to delete the file when you are done.

 

Jack

Share this post


Link to post
Share on other sites

Nice contrib, I would like to add my voice to an admin panel feature, where it can be turned on/off via admin.


Stuart

Share this post


Link to post
Share on other sites

Great contrib, so easy to install too. One question when I add a example file to the admin section of the store it doesn't pick it up but it does in the root, eg it'll pick up store/zzz.php but not store/admin/zzz.php is that a problem my end or is the contrib not supposed to pick up new store/admin/ files

 

Thank you.

Share this post


Link to post
Share on other sites
Great contrib, so easy to install too. One question when I add a example file to the admin section of the store it doesn't pick it up but it does in the root, eg it'll pick up store/zzz.php but not store/admin/zzz.php is that a problem my end or is the contrib not supposed to pick up new store/admin/ files

 

Thank you.

 

what do you mean?

Share this post


Link to post
Share on other sites
Great contrib, so easy to install too. One question when I add a example file to the admin section of the store it doesn't pick it up but it does in the root, eg it'll pick up store/zzz.php but not store/admin/zzz.php is that a problem my end or is the contrib not supposed to pick up new store/admin/ files

 

Thank you.

Edit the sitemonitor.php file and remove admin from this string. Be sure to remove the quotes and comma associated with it. Then delete the sitemonitor_reference.php file.
 $excludeList = array("cgi-bin","admin","downloads","images","pub","tmp","temp");  //don't check these directories - change to your liking - must be set prior to first run

 

Jack

Share this post


Link to post
Share on other sites
I've installed this contribution.But getting this errors:

 

Warning: fopen(sitemonitor_reference.php): failed to open stream: Permission denied in /home/rezolles/public_html/admin/sitemonitor_functions.php on line 94

Warning: fwrite(): supplied argument is not a valid stream resource in /home/rezolles/public_html/admin/sitemonitor_functions.php on line 106
Cannot write to file (sitemonitor_reference.php)

 

Hope someone will solve my problems.

maybe chmod of admin-dir prevents this from being created!

create a txt file and rename it to sitemonitor_reference.php -> copy this to your /admin and then chmod this file to 777. then it should work.

Edited by Sir.K.O.

Share this post


Link to post
Share on other sites

Just think before writing :o

 

I got the same error as Rezolles_net -> Here's the working solution!

 

1. DON'T create the file sitemonitor_reference.php manually!! you already did? delete it!

2. chmod your admin directory with 777 but DON'T chmod the files within! just the directory!

3. run the script to generate the sitemonitor_reference.php

4. use the script regular as cronjob and watch bad things happen ;)

 

if you use daily automated updates for products, you may add "images" folder to exclude list or you will get mails every day when new pictures where added -> but also good option to see if it works ;)

Share this post


Link to post
Share on other sites
Just think before writing :o

 

I got the same error as Rezolles_net -> Here's the working solution!

 

1. DON'T create the file sitemonitor_reference.php manually!! you already did? delete it!

2. chmod your admin directory with 777 but DON'T chmod the files within! just the directory!

3. run the script to generate the sitemonitor_reference.php

4. use the script regular as cronjob and watch bad things happen ;)

 

if you use daily automated updates for products, you may add "images" folder to exclude list or you will get mails every day when new pictures where added -> but also good option to see if it works ;)

 

Thanks..it's working

 

Lol...you have to update your instructions... >_<

Share this post


Link to post
Share on other sites

I have to block out my admin directory or the script times out. Is there a way to specify not to scan certain folders within the admin directory, such as images, so that we can scan the other php files in admin and not timeout?

 

Would something like this work? :

$excludeList = array("cgi-bin","admin/images","downloads","images","pub","tmp","temp");

Edited by Sid04

Share this post


Link to post
Share on other sites

It should but I never tested it. You can try it though. Just delete your reference file and run it from admin. If it runs and your reference file has valid entries, then you are all set.

 

Jack

Share this post


Link to post
Share on other sites

What I posted above does work, just FYI.

 

Question for you though. I can use the above and scan my admin directory minus the images folder.....all works fine. I can then run the sitemonitor.php file and it runs very quickly, but if I add a small text file on the server(just a test file so it can find something different) it times out. Why does it run SO fast if no files have changed but time out if anything has changed?

Share this post


Link to post
Share on other sites

When a new file is added a different section of code is used to check for changes. This other section requires several passes to be made to find the changes. If the number of files being checked are large then it might time out on you. You would need to limit the files a little more until it will run without timing out. It is a server limitation and there is no easy way to code around that, other than limiting the size of the reference file.

 

Jack

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×