Guest Posted October 15, 2009 Share Posted October 15, 2009 That would indicate the directories can't be read since glob is not returning an array. I suppose there could be something on your server preventing glob from working correctly. You could add print_r $tmpArray; to see the output but since the code is checking for that already, I don't think it will show you anything. You could try changing the initial directory set here $aFiles = rglob(DIR_FS_CATALOG, '*'); to some sub-directory that you can manipulate, like $aFiles = rglob('tmp', '*'); If that works, then you could expand the initial path until it fails. OK, we are making progress! I made a dumb mistake and had set the source starting directory to the wrong place right before this last change. I have it switched back to DIR_FS_CATALOG, and this is the response: Checked 20 directories containing a total of 140 files. Skipped 0 files. 2 suspected hacked files found. Hacked Files Found hack.php imagemagic.php This is correct because the hack.php file is one that I seeded, and the other contains a base64 encoding line. BUT, when I seeded the hack file deeper into the directory structure, it isn't finding them. So it is scanning the main directory, but it's not scanning files as it traverses the directory structure. This is the current state of my rglob() function: function rglob($sDir, $sPattern, $nFlags = NULL) //recursive function to get array of all files and directories { $aFiles = glob("$sDir/$sPattern", $nFlags); //get the initial directory $tmpArray = glob("$sDir/*", GLOB_ONLYDIR); if (is_array($tmpArray) && ! empty($tmpArray)) foreach ($tmpArray as $sSubDir) //recursive call { $aSubFiles = rglob($sSubDir, $sPattern, $nFlags); array_merge($aFiles, (array)$aSubFiles); } return $aFiles; } Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted October 15, 2009 Author Share Posted October 15, 2009 Hi again; I found this code to exclude a file, would this work on directories, as well? I have tried a couple variations with no luck. Here is the error I am getting for each directory that is linked: Warning: is_dir() [function.is-dir.html]: Stat failed for /home/XXXSSS/public_html/mannix (errno=13 - Permission denied) in /home/XXXSSS/public_html/admin/includes/functions/sitemonitor_functions.php on line 173 Thanks again... I'm sure there is a way around it but I don't know what it is without testing. Since it isn't anything to do with the contribution, it probably isn't something I will work on though. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Jack_mcs Posted October 15, 2009 Author Share Posted October 15, 2009 OK, we are making progress! I made a dumb mistake and had set the source starting directory to the wrong place right before this last change. I have it switched back to DIR_FS_CATALOG, and this is the response: Checked 20 directories containing a total of 140 files. Skipped 0 files. 2 suspected hacked files found. Hacked Files Found hack.php imagemagic.php This is correct because the hack.php file is one that I seeded, and the other contains a base64 encoding line. BUT, when I seeded the hack file deeper into the directory structure, it isn't finding them. So it is scanning the main directory, but it's not scanning files as it traverses the directory structure. You may want to ask your host if they know if glob will work on your server. There are a few that it won't. In that case, the code would have to be replaced with the standard fopen type code. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Guest Posted October 16, 2009 Share Posted October 16, 2009 You may want to ask your host if they know if glob will work on your server. There are a few that it won't. In that case, the code would have to be replaced with the standard fopen type code. Actually, I'm my own host, maybe not the most knowledgeable sysadmin, but I am using several other scripts that have the glob function and they seem to run fine for what the script is asking glob to do. I'll keep working on it. This is a great script. And a valuable service. I had been hacked a couple of times using the same exploit, and one of the things that they did to sift off more identity information was add a script to the index.php page that would automatically turn on the Date of Birth question in the database config, which none of my customers require, so I created a piece of code that would email the admin whenever the DOB function was turned on. This is an instant notification and we don't have to wait for the scanner schedule. If you think this might be helpful, I can send you the code. It's just a simple include and an extra file. I have saved the other hacked files for reference, and I'll also see if I can identify any additional signatures that you can use in your hacked file detection setup. What would be really nice would be to create a text file that can be updated with the code signatures that other people have found. This can be similar to the spiders.txt setup. When a new exploit is found, it can be added to the txt file and updated on the sites easily. Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted October 16, 2009 Author Share Posted October 16, 2009 Thank you for the suggestions. You can post the DOB code here if you like. I may add it to the next version but that could be months and others may want to try it in the meantime. Regarding the txt file, my intention was to add an option in admin to allowing adding such text as well as being able to control what files should be excluded. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
tonymazz Posted October 16, 2009 Share Posted October 16, 2009 I'm sure there is a way around it but I don't know what it is without testing. Since it isn't anything to do with the contribution, it probably isn't something I will work on though. I am on the same server with different accounts. One account is fine, the Site Monitor works great, as well does the Hacker Code portion. However when i try the same thing in the other account which has all data directories linked. The osCommerce files are not linked and are what I want to monitor with this contribution like I do on the main account. I was hoping to do this with all of my stores. They all link back (just like public_html & www) to the main account files. In each instance the osCommerce files are unique & not linked. My problem is on each of those linked directories I get the error codes as follows: Warning: is_dir() [function.is-dir.html]: Stat failed for /home/cat/public_html/mannix (errno=13 - Permission denied) in /home/insp01/public_html/admin/includes/functions/sitemonitor_functions.php on line 173 Warning: is_dir() [function.is-dir.html]: Stat failed for /home/cat/public_html/mannix (errno=13 - Permission denied) in /home/insp01/public_html/admin/includes/functions/sitemonitor_functions.php on line 256 Warning: is_dir() [function.is-dir.html]: Stat failed for /home/cat/public_html/mannix (errno=13 - Permission denied) in /home/insp01/public_html/admin/includes/functions/sitemonitor_functions.php on line 173 And then it craps out. It does not seem to want to ignore the linked directories. Thanks Quote Tony Mazz Link to comment Share on other sites More sharing options...
Guest Posted October 16, 2009 Share Posted October 16, 2009 I am on the same server with different accounts. One account is fine, the Site Monitor works great, as well does the Hacker Code portion. However when i try the same thing in the other account which has all data directories linked. The osCommerce files are not linked and are what I want to monitor with this contribution like I do on the main account. I was hoping to do this with all of my stores. They all link back (just like public_html & www) to the main account files. In each instance the osCommerce files are unique & not linked. My problem is on each of those linked directories I get the error codes as follows: Warning: is_dir() [function.is-dir.html]: Stat failed for /home/cat/public_html/mannix (errno=13 - Permission denied) in /home/insp01/public_html/admin/includes/functions/sitemonitor_functions.php on line 173 Warning: is_dir() [function.is-dir.html]: Stat failed for /home/cat/public_html/mannix (errno=13 - Permission denied) in /home/insp01/public_html/admin/includes/functions/sitemonitor_functions.php on line 256 Warning: is_dir() [function.is-dir.html]: Stat failed for /home/cat/public_html/mannix (errno=13 - Permission denied) in /home/insp01/public_html/admin/includes/functions/sitemonitor_functions.php on line 173 And then it craps out. It does not seem to want to ignore the linked directories. Thanks This could be an issue with open_basedir restrictions in apache. If your stores are in separate accounts, that might be the reason. Maybe it won't play nice with symbolic links? Quote Link to comment Share on other sites More sharing options...
oscommerce21 Posted October 21, 2009 Share Posted October 21, 2009 (edited) Thank you for this module - SiteMonitor . Please suggest on this warning message: Checked 90 directories containing a total of 604 files. Skipped 686 files. 2 suspected hacked files found. Hacked Files Found admin/includes/classes/nusoap.php includes/modules/payment/paypal_standard.php Regarding found files: paypal_standard.php is 42.72 kb date: 1/11/2008 ----> it has the same date as all other files in the folder nusoap.php ---> I want to make sure, isn't a part of the original oscomm 2.2 rc2 Thank you! Edited October 21, 2009 by oscommerce21 Quote Link to comment Share on other sites More sharing options...
oscommerce21 Posted October 21, 2009 Share Posted October 21, 2009 (edited) Jack, thanks a lot. A little suggestion, if I may: you can put a link to this forum in SiteMonitor Admin Configure dialog page, so people can find this forum and watch for updates, get help and help others. You can even use this very wording as a hyperlink "SiteMonitor: watch for updates, get help and help others" Thanks for your time and commitment. Edited October 21, 2009 by oscommerce21 Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted October 21, 2009 Author Share Posted October 21, 2009 Please suggest on this warning message: Checked 90 directories containing a total of 604 files. Skipped 686 files. 2 suspected hacked files found. It means those files have code in them that hackers uses. Such code can also be used legitimately so you have to check the files manually to be sure they are OK. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Jack_mcs Posted October 21, 2009 Author Share Posted October 21, 2009 Jack, thanks a lot. A little suggestion, if I may: you can put a link to this forum in Thank you for the suggestion. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
oscommerce21 Posted October 22, 2009 Share Posted October 22, 2009 If someone is able to hack into your site, they can alter your files to send them your customers information. I've seen this happen several times, thus the genesis of this contribution. This contribution will create a record of your files so that they can be checked at a later date. If any files have been added or deleted, or the size, timestamp or permissions were changed, you are notified via email. The script can be ran manually, but the best way is to set up a cron job so that the files are checked automatically. The contribution can be found here. Jack Reference file creation failed. Warning: opendir(/home/username/public_html) [function.opendir]: failed to open dir: No such file or directory in /home/free/public_html/admin/includes/functions/sitemonitor_functions.php on line 162 Warning: readdir(): supplied argument is not a valid Directory resource in /home/free/public_html/admin/includes/functions/sitemonitor_functions.php on line 164 Reference file creation failed. Please help to understand whaT IT MEANS AND WHAT TO DO. Thanks! Quote Link to comment Share on other sites More sharing options...
oscommerce21 Posted October 22, 2009 Share Posted October 22, 2009 It means those files have code in them that hackers uses. Such code can also be used legitimately so you have to check the files manually to be sure they are OK. Does it mean, admin/includes/classes/nusoap.php is a part of 2.2 rc2? Did anyone see it before? Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted October 22, 2009 Author Share Posted October 22, 2009 Warning: opendir(/home/username/public_html) [function.opendir]: failed to open dir: No such file or directory in /home/free/public_html/admin/includes/functions/sitemonitor_functions.php on line 162 If your username is not actually username, then you will need to change that. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Jack_mcs Posted October 22, 2009 Author Share Posted October 22, 2009 Does it mean, admin/includes/classes/nusoap.php is a part of 2.2 rc2? Did anyone see it before? It doesn't have anything to do with what version the shop is. SiteMonitor is just saying that file has code in it that is similar to what hackers use. I doubt that it has been hacked though. I think it is just the normal code for that file. The only way to be sure though it to compare it with a known good file, assuming you don't know what to look for in the file. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Guest Posted October 22, 2009 Share Posted October 22, 2009 (edited) Reference file creation failed. Warning: opendir(/home/username/public_html) [function.opendir]: failed to open dir: No such file or directory in /home/free/public_html/admin/includes/functions/sitemonitor_functions.php on line 162 Warning: readdir(): supplied argument is not a valid Directory resource in /home/free/public_html/admin/includes/functions/sitemonitor_functions.php on line 164 Reference file creation failed. Please help to understand whaT IT MEANS AND WHAT TO DO. Thanks! I have a similar problem ... I installed version 1.9 today and the first time I tried to configure it, I got the following error page: "Forbidden You do not have permission to access this document." Then after informing my webhost about this, they made a few changes with their firewall as they thought that may have been the problem So I tried it again and got the following error message ""Cannot change the mode of file (/xxx/xxx/xxxxxx/MYSITEcom/xxxxxx/admin/sitemonitor_configure.php)" Then we went through changing file permissions, etc. and deleted the .htaccess file from that directory but still got the same error message listed immediately above. One thing I noticed when I loaded the thing for the first time, was that there was an automatically assigned user name and password in the configuration page and I also noticed a post earlier that indicated that these should be empty, but I think that was in reference to another problem, with the previous version. Also, (I'm guessing this is because of the afore mentioned error message), when I try to run the update in the admin page, I get the error message "file creation failed." So can someone help me figure this out? Is it the user name and password automatically generated by the sitemonitor_configure_setup.php file, or could it be something else? Edited October 22, 2009 by westindiestrader Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted October 22, 2009 Author Share Posted October 22, 2009 As mentioned previously here and in the text on the page, you only need those settings if you are using the curl login option. Try clearing them and see what happens. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Guest Posted October 22, 2009 Share Posted October 22, 2009 (edited) As mentioned previously here and in the text on the page, you only need those settings if you are using the curl login option. Try clearing them and see what happens. ok, only thing is I don't know what you mean by "curl login option" and how to turn it off or on --edit-- I just tried clearing the user name and password and still got the same error message "Cannot change the mode of file (/var/www/vhosts/westindiestrader.com/httpdocs/admin/sitemonitor_configure.php)" has anyone ever experienced this error message? Edited October 22, 2009 by westindiestrader Quote Link to comment Share on other sites More sharing options...
Guest Posted October 22, 2009 Share Posted October 22, 2009 ok, only thing is I don't know what you mean by "curl login option" and how to turn it off or on --edit-- I just tried clearing the user name and password and still got the same error message "Cannot change the mode of file (/var/www/vhosts/westindiestrader.com/httpdocs/admin/sitemonitor_configure.php)" has anyone ever experienced this error message? You may have to give the file 777 permissions to start with. Quote Link to comment Share on other sites More sharing options...
Guest Posted October 22, 2009 Share Posted October 22, 2009 You may have to give the file 777 permissions to start with. That was done already and still got the same error message Quote Link to comment Share on other sites More sharing options...
Guest Posted October 22, 2009 Share Posted October 22, 2009 That was done already and still got the same error message OK, not sure if this will help. When I change the configure information, I have to have it in the configure file, delete the rference file amd run the delete reference file in my admin. The permissions need to be set at 777 for many of the files due to ownership issues. Quote Link to comment Share on other sites More sharing options...
Guest Posted October 22, 2009 Share Posted October 22, 2009 OK, not sure if this will help. When I change the configure information, I have to have it in the configure file, delete the rference file amd run the delete reference file in my admin. The permissions need to be set at 777 for many of the files due to ownership issues. ok the only problem with that is there was no reference file with the installation and although I understand the contrib is supposed to automatically generate a reference file after deleting it, it fails to do that. Quote Link to comment Share on other sites More sharing options...
Guest Posted October 22, 2009 Share Posted October 22, 2009 ok the only problem with that is there was no reference file with the installation and although I understand the contrib is supposed to automatically generate a reference file after deleting it, it fails to do that. Perhaps try uploading the sitemonitor_log.txt file. Quote Link to comment Share on other sites More sharing options...
Guest Posted October 22, 2009 Share Posted October 22, 2009 Perhaps try uploading the sitemonitor_log.txt file. that was uploaded at the same time as all the other files before I tried to install / configure it. Quote Link to comment Share on other sites More sharing options...
WebDev22 Posted October 25, 2009 Share Posted October 25, 2009 Is there a thread that discusses how a site can get compromised. For starters, we're changing the passwords for cPanel, FTP, and Admin. Is it possible emails containing passwords can get intercepted? Should we communicate this information another way? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.