mr_absinthe Posted December 9, 2009 Share Posted December 9, 2009 Hi Jack, I've just noticed that error_log files are being written in almost every folder of our site - has it got anything to do with sitemonitor - if not what might be causing it? Also these files are being unnoticed by the sitemonitor... Quote Absinthe Original Liquor Store Link to comment Share on other sites More sharing options...
Jack_mcs Posted December 9, 2009 Author Share Posted December 9, 2009 No, SiteMonitor doesn't create those. It might be failing to run causing an entry to be created but I doubt it. Either way, you have to look at the log file to determine what is causing it. Error logs are excluded from being reported since they are generally not used by hackers, in my experience. You can remove them from the exclusion list by editing the functions/site_monitor.php file if you want. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Guest Posted December 22, 2009 Share Posted December 22, 2009 If someone is able to hack into your site, they can alter your files to send them your customers information. I've seen this happen several times, thus the genesis of this contribution. This contribution will create a record of your files so that they can be checked at a later date. If any files have been added or deleted, or the size, timestamp or permissions were changed, you are notified via email. The script can be ran manually, but the best way is to set up a cron job so that the files are checked automatically. The contribution can be found here. Jack Graet. I jst installed and found 2 files what do not belong to web site. Wipe out. I got error the first time I run, but after I wipe the administrator dir in configuration it work fine. The "administrator dir" are not need for proper operation. I notice that configuration adding 2 // in that configuration "http://www.myside.net//admin" That create the error. I live blank and works fine. Thanks. Quote Link to comment Share on other sites More sharing options...
Guest Posted December 22, 2009 Share Posted December 22, 2009 (edited) Hi Jack, As you already know your Sitemonitor found my hack in contact_us.php (language part) because your program searches for base64 (often used by hackers). Thank you. But I have problems with Sitemonitor as cronjob and because I builded many cronjobs (connections with suppliers) I know that if you use e.g. fopen you have always to use the full path (my experience, why I don't know), a relative path did't work in all my cases in cronjobs (even when I work with chgdir). So when I changed your program with full paths ($admin_dir in front of) it works (and still of course direct from admin). Ok I have still another problem but that's one for the provider (no writable connection allowed, maybe because of the su php settings). But first Sitemonitor could not found sitemonitor files like reference etc. with only the name (relative path). Edited December 22, 2009 by Felix Scheiffers Quote Link to comment Share on other sites More sharing options...
eFFeKt Posted December 22, 2009 Share Posted December 22, 2009 hi jack, thanks for this contribution. i've get this errormessage on sitemonitor_configure_setup.php: Warning: strpos() [function.strpos]: Empty delimiter in C:\wamp\www\umzugshop\admin\includes\functions\sitemonitor_functions.php on line 218 i dont know how to fix it. hope you can help. Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted December 22, 2009 Author Share Posted December 22, 2009 thanks for this contribution. i've get this errormessage on sitemonitor_configure_setup.php: i dont know how to fix it. hope you can help. That part of the code is trying to handle the start directory so my guess is that you made a mistake with the configure settings. Post your start directory here and I will take a look. eFFeKt 1 Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
eFFeKt Posted December 23, 2009 Share Posted December 23, 2009 That part of the code is trying to handle the start directory so my guess is that you made a mistake with the configure settings. Post your start directory here and I will take a look. Thanks Jack, i solved it by myself. the scipt didn't work on my localhost. after uploading it to the server and setting the parameters in sitemonitor_configure.php, everthing works fine. sorry for claiming you :) Quote Link to comment Share on other sites More sharing options...
♥altoid Posted December 26, 2009 Share Posted December 26, 2009 Jack, site monitor runs well for me. I can't run a cron job, but that's my server's problem not the contribution. Anyway, in addition to it's intended use, I have been using it as a validation tool when I add/delete/modify a contribution. First I execute site monitor to see what's there. If all is normal then I start with a fresh reference site monitor file and then install the add on. Then in addition to doing the usual testing to see if everything is working I run site monitor to see what files I actually deleted/added/changed during the process. For example after doing an update I had problems with an install I re-read the instructions and then ran site monitor. That showed me that one of the needed files didn't get uploaded correctly. Thank you for your work. Quote I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can. I remember what it was like when I first started with osC. It can be overwhelming. However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc. There are several good pros here on osCommerce. Look around, you'll figure out who they are. Link to comment Share on other sites More sharing options...
Jack_mcs Posted December 26, 2009 Author Share Posted December 26, 2009 Yes, others have mentioned using it in this way. In case you are not aware of it, a log file is created each time it is ran. So if you save the log files dealing with installations (they will be overwritten, if not) as something else, they will provide a running history of the changes to your site. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Guest Posted December 27, 2009 Share Posted December 27, 2009 I think this question was asked above but I'm afraid I don't understand the answer. I assume it's the same problem. Here it is: We collectively own three sites. We are having the same hack/email problem. I installed a new site montitor on one, and reinstalled it on another. The check for hacked code works, but the execute site monitor comes up with the following on both sites. Warning: opendir(/home/username/public_html) [function.opendir]: failed to open dir: No such file or directory in /home/********/public_html/admin/includes/functions/sitemonitor_functions.php on line 162 Warning: readdir(): supplied argument is not a valid Directory resource in /home/********/public_html/admin/includes/functions/sitemonitor_functions.php on line 164 I do have this directory and the php file in that directory. The reinstalled site now says we have 1791 deleted files and won't check for any thing else. Any help would be appreciated. Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted December 28, 2009 Author Share Posted December 28, 2009 Warning: opendir(/home/username/public_html) [function.opendir]: failed to open dir: No such file or directory 162 The error is saying it can't find the /home/username/public_html/ directory. If your username isn't username, then you will need to change the settings to the correct one. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
garacs1 Posted December 28, 2009 Share Posted December 28, 2009 (edited) Hi Jack_mcs Thanks for the contribution, very helpfull. I do have a question: after reading this thread, I figured out how to solve many errors I got from the very first time I installed it on my website, but one thing I am not able to figure out: how to check if files have been hacked. Clicking on the button "Manually Check for Hacked Files" results in this: Checked 0 directories containing a total of 0 files. Skipped 0 files. 0 suspected hacked files found Did I miss something while configuring the SiteMonitor? Here is how I configured it: Always Email - NO Quarantine Files - NO Verbose - YES Log File - YES Log File Size - 100000 Delete Reference file - 5 To - my email address From - site admin email address Start Directory - /srv/www/vhosts/xxxxxxxxxxxx.xx/httpdocs/catalog/ Admin Directory - http://www.xxxxxxxxxxxxx.xx/catalog/xxxxxxxxxxxx/ Admin Username - NO Admin Password - NO Exclude Selector - NONE Exclude List - "catalog/xxxxxxxxxxxxxxx/quarantine", "cgi-bin", "images" Is there something wrong with this configuration? Also, when I run site Monitor, I receive the email alright, but it reports always: DELETED FILES: Found a deleted file named SIZE MISMATCH: Size differences not checked due to deleted file(s) TIME MISMATCH: Time differences not checked due to deleted file(s) PERMISSIONS MISMATCH: Permissions not checked due to deleted file(s) I did not delete any file... Please let me know ASAP. Regards. Garacs1 Edited December 28, 2009 by garacs1 Quote dunno what to write... Link to comment Share on other sites More sharing options...
Jack_mcs Posted December 28, 2009 Author Share Posted December 28, 2009 In the least, the hacked files check should read in the files but it is saying it isn't. With these settings Admin Directory - http://www.xxxxxxxxx...g/xxxxxxxxxxxx/Admin Username - NO Admin Password - NO you are telling SiteMonitor to login securely using curl but not to use a username and password to login - not going to work. I suggest setting those three to blank (empty - nothing) and try again. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
garacs1 Posted December 28, 2009 Share Posted December 28, 2009 In the least, the hacked files check should read in the files but it is saying it isn't. With these settingsyou are telling SiteMonitor to login securely using curl but not to use a username and password to login - not going to work. I suggest setting those three to blank (empty - nothing) and try again. Hi Jack I did try leaving them blank, but I still receive the same result. I then tried to insert username and password, still same result. Is there something I am doing wrong? Quote dunno what to write... Link to comment Share on other sites More sharing options...
Jack_mcs Posted December 28, 2009 Author Share Posted December 28, 2009 I can't think of anything else it can be. You can try running it manually (third Update button) with the Verbose option set on to see if that shows anything. You may want to check the servers error log too in case your host has error reporting turned off. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
garacs1 Posted December 28, 2009 Share Posted December 28, 2009 I ran it locally, as you suggested, and now it reports: No new files found... No deleted files found... No size differences found... No time mismatches found... No permissions mismatches found... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Sitemonitor ran on December 28, 2009, 5:11 pm Total mismatches found were 0 Total files being monitored is 842 So now everything works perfectly fine - except the hack checking tool? Ok, I will try and search for server error logs later in the new year. Thanks for the help ;-) I wish you, and all oscommerce users, a great 2010! Garacs1 Quote dunno what to write... Link to comment Share on other sites More sharing options...
kappa525ny Posted December 29, 2009 Share Posted December 29, 2009 Hi, I try to install this addon but when I go to admin and click SiteMonitor the page shows "No Right Permission Access Please contact your Web Administrator to request more access or if you found any problem." anyone know how to fix it?? Thank you. Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted December 29, 2009 Author Share Posted December 29, 2009 (edited) "No Right Permission Access Please contact your Web Administrator to request more access or if you found any problem." anyone know how to fix it?? Thank you. This is a problem with your server or shop. If you can't login to admin at all, then you haven't setup that option yet. If it only fails for this contribution, then it is probably some permissions setting problem and your host would need to look at it. Edited December 29, 2009 by Jack_mcs Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
ufodepot Posted December 29, 2009 Share Posted December 29, 2009 If someone is able to hack into your site, they can alter your files to send them your customers information. I've seen this happen several times, thus the genesis of this contribution. This contribution will create a record of your files so that they can be checked at a later date. If any files have been added or deleted, or the size, timestamp or permissions were changed, you are notified via email. The script can be ran manually, but the best way is to set up a cron job so that the files are checked automatically. The contribution can be found here. Jack Hello Jack, I need help. The instructions read: To set up the cron job, add the following as the cron command: php /home/username/public_html/catalog/admin/sitemonitor.php Where do I put that line? Where and in which file. Thanks, Hope Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted December 29, 2009 Author Share Posted December 29, 2009 Cron is a scheduling program on the server. The command is entered through its interface in the control panel, usually. The steps for that will vary with the control panel so it isn't something for this thread. Ask your host how to setup a cron job or, if they are a good host, ask them to set it up for you and they will. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
brians34 Posted January 3, 2010 Share Posted January 3, 2010 (edited) I'm in the process of adding Sitemonitor, added all following instructions, but Sitemonitor does not appear in my admin panel. When I go to my website www.jfabs.com, I see this error message: Warning: require(includes/boxes/sitemonitor.php) [function.require]: failed to open stream: No such file or directory in /home/jewelr10/public_html/includes/column_left.php on line 32 Fatal error: require() [function.require]: Failed opening required 'includes/boxes/sitemonitor.php' (include_path='.:/usr/local/php52/pear') in /home/jewelr10/public_html/includes/column_left.php on line 32 I tried installing manually and get this error message: Warning: opendir(/home/username/public_html) [function.opendir]: failed to open dir: No such file or directory in /home/jewelr10/public_html/admin/includes/functions/sitemonitor_functions.php on line 162 Warning: readdir(): supplied argument is not a valid Directory resource in /home/jewelr10/public_html/admin/includes/functions/sitemonitor_functions.php on line 164 Reference file creation failed. Edited January 3, 2010 by brians34 Quote Link to comment Share on other sites More sharing options...
♥mdtaylorlrim Posted January 3, 2010 Share Posted January 3, 2010 I'm in the process of adding Sitemonitor, added all following instructions, but Sitemonitor does not appear in my admin panel. When I go to my website www.jfabs.com, I see this error message: Warning: require(includes/boxes/sitemonitor.php) [function.require]: failed to open stream: No such file or directory in /home/jewelr10/public_html/includes/column_left.php on line 32 Fatal error: require() [function.require]: Failed opening required 'includes/boxes/sitemonitor.php' (include_path='.:/usr/local/php52/pear') in /home/jewelr10/public_html/includes/column_left.php on line 32 I tried installing manually and get this error message: Warning: opendir(/home/username/public_html) [function.opendir]: failed to open dir: No such file or directory in /home/jewelr10/public_html/admin/includes/functions/sitemonitor_functions.php on line 162 Warning: readdir(): supplied argument is not a valid Directory resource in /home/jewelr10/public_html/admin/includes/functions/sitemonitor_functions.php on line 164 Reference file creation failed. You quite likely missed a step in the installation. Start over verifying each step. I think you will likely find your error. Quote Community Bootstrap Edition, Edge Avoid the most asked question. See How to Secure My Site and How do I...? Link to comment Share on other sites More sharing options...
tigergirl Posted January 3, 2010 Share Posted January 3, 2010 Warning: require(includes/boxes/sitemonitor.php) [function.require]: failed to open stream: No such file or directory in /home/xxx/public_html/includes/column_left.php on line 32 Fatal error: require() [function.require]: Failed opening required 'includes/boxes/sitemonitor.php' (include_path='.:/usr/local/php52/pear') in /home/xxx/public_html/includes/column_left.php on line 32 check if you added the code to admin/includes/column_left.php as it looks like you added it to includes/column_left.php incorrectly. all file changes are to admin directory not the catalogue side so you shouldn't have these errors on the shop. Quote I'm feeling lucky today......maybe someone will answer my post! I do try and answer a simple post when I can just to give something back. ------------------------------------------------ PM me? - I'm not for hire Link to comment Share on other sites More sharing options...
brians34 Posted January 3, 2010 Share Posted January 3, 2010 (edited) You quite likely missed a step in the installation. Start over verifying each step. I think you will likely find your error. OK, another rookie mistake. Changed the php files in the /catalog instead of the admin. Fixed those. Now I'm getting an error in the admin panel: Warning: opendir(/home/username/public_html) [function.opendir]: failed to open dir: No such file or directory in /home/jewelr10/public_html/admin/includes/functions/sitemonitor_functions.php on line 162 Warning: readdir(): supplied argument is not a valid Directory resource in /home/jewelr10/public_html/admin/includes/functions/sitemonitor_functions.php on line 164 In looking at the sitemonitor files in the admin folder, I notice that the Persmissions are set at 0644 and all other permissions are set to 0755. Would this cause the problem? If so, how do I change this? Edited January 3, 2010 by brians34 Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted January 3, 2010 Author Share Posted January 3, 2010 See the many previous posts on this error. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.