Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SiteMonitor


Jack_mcs

Recommended Posts

Hi Jack,

I've just noticed that error_log files are being written in almost every folder of our site - has it got anything to do with sitemonitor - if not what might be causing it? Also these files are being unnoticed by the sitemonitor...

Absinthe Original Liquor Store

Link to comment
Share on other sites

No, SiteMonitor doesn't create those. It might be failing to run causing an entry to be created but I doubt it. Either way, you have to look at the log file to determine what is causing it. Error logs are excluded from being reported since they are generally not used by hackers, in my experience. You can remove them from the exclusion list by editing the functions/site_monitor.php file if you want.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

  • 2 weeks later...

If someone is able to hack into your site, they can alter your files to send them your customers information. I've seen this happen several times, thus the genesis of this contribution. This contribution will create a record of your files so that they can be checked at a later date. If any files have been added or deleted, or the size, timestamp or permissions were changed, you are notified via email. The script can be ran manually, but the best way is to set up a cron job so that the files are checked automatically.

 

The contribution can be found here.

 

Jack

Graet. I jst installed and found 2 files what do not belong to web site. Wipe out.

I got error the first time I run, but after I wipe the administrator dir in configuration it work fine. The "administrator dir" are not need for proper operation. I notice that configuration adding 2 // in that configuration "http://www.myside.net//admin" That create the error. I live blank and works fine.

Thanks.

Link to comment
Share on other sites

Hi Jack,

 

As you already know your Sitemonitor found my hack in contact_us.php (language part) because your program searches for base64 (often used by hackers). Thank you.

 

But I have problems with Sitemonitor as cronjob and because I builded many cronjobs (connections with suppliers) I know that if you use e.g. fopen you have always to use the full path (my experience, why I don't know), a relative path did't work in all my cases in cronjobs (even when I work with chgdir).

 

So when I changed your program with full paths ($admin_dir in front of) it works (and still of course direct from admin). Ok I have still another problem but that's one for the provider (no writable connection allowed, maybe because of the su php settings). But first Sitemonitor could not found sitemonitor files like reference etc. with only the name (relative path).

Edited by Felix Scheiffers
Link to comment
Share on other sites

hi jack,

 

thanks for this contribution. i've get this errormessage on sitemonitor_configure_setup.php:

 

Warning: strpos() [function.strpos]: Empty delimiter in C:\wamp\www\umzugshop\admin\includes\functions\sitemonitor_functions.php on line 218

 

i dont know how to fix it. hope you can help.

Link to comment
Share on other sites

thanks for this contribution. i've get this errormessage on sitemonitor_configure_setup.php:

 

i dont know how to fix it. hope you can help.

That part of the code is trying to handle the start directory so my guess is that you made a mistake with the configure settings. Post your start directory here and I will take a look.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

That part of the code is trying to handle the start directory so my guess is that you made a mistake with the configure settings. Post your start directory here and I will take a look.

 

Thanks Jack, i solved it by myself. the scipt didn't work on my localhost. after uploading it to the server and setting the parameters in sitemonitor_configure.php, everthing works fine. sorry for claiming you :)

Link to comment
Share on other sites

Jack, site monitor runs well for me. I can't run a cron job, but that's my server's problem not the contribution.

 

Anyway, in addition to it's intended use, I have been using it as a validation tool when I add/delete/modify a contribution. First I execute site monitor to see what's there. If all is normal then I start with a fresh reference site monitor file and then install the add on. Then in addition to doing the usual testing to see if everything is working I run site monitor to see what files I actually deleted/added/changed during the process. For example after doing an update I had problems with an install I re-read the instructions and then ran site monitor. That showed me that one of the needed files didn't get uploaded correctly.

Thank you for your work.

I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can.

I remember what it was like when I first started with osC. It can be overwhelming.

However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc.

There are several good pros here on osCommerce. Look around, you'll figure out who they are.

Link to comment
Share on other sites

Yes, others have mentioned using it in this way. In case you are not aware of it, a log file is created each time it is ran. So if you save the log files dealing with installations (they will be overwritten, if not) as something else, they will provide a running history of the changes to your site.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

I think this question was asked above but I'm afraid I don't understand the answer. I assume it's the same problem.

 

Here it is:

 

We collectively own three sites. We are having the same hack/email problem. I installed a new site montitor on one, and reinstalled it on another.

 

The check for hacked code works, but the execute site monitor comes up with the following on both sites.

 

Warning: opendir(/home/username/public_html) [function.opendir]: failed to open dir: No such file or directory in /home/********/public_html/admin/includes/functions/sitemonitor_functions.php on line 162

 

Warning: readdir(): supplied argument is not a valid Directory resource in /home/********/public_html/admin/includes/functions/sitemonitor_functions.php on line 164

 

I do have this directory and the php file in that directory.

 

The reinstalled site now says we have 1791 deleted files and won't check for any thing else.

 

Any help would be appreciated.

Link to comment
Share on other sites

Warning: opendir(/home/username/public_html) [function.opendir]: failed to open dir: No such file or directory 162

The error is saying it can't find the /home/username/public_html/ directory. If your username isn't username, then you will need to change the settings to the correct one.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Hi Jack_mcs

 

Thanks for the contribution, very helpfull. I do have a question: after reading this thread, I figured out how to solve many errors I got from the very first time I installed it on my website, but one thing I am not able to figure out: how to check if files have been hacked.

 

Clicking on the button "Manually Check for Hacked Files" results in this:

 

Checked 0 directories containing a total of 0 files. Skipped 0 files. 0 suspected hacked files found

 

Did I miss something while configuring the SiteMonitor?

 

Here is how I configured it:

 

Always Email - NO

Quarantine Files - NO

Verbose - YES

Log File - YES

Log File Size - 100000

Delete Reference file - 5

To - my email address

From - site admin email address

Start Directory - /srv/www/vhosts/xxxxxxxxxxxx.xx/httpdocs/catalog/

Admin Directory - http://www.xxxxxxxxxxxxx.xx/catalog/xxxxxxxxxxxx/

Admin Username - NO

Admin Password - NO

Exclude Selector - NONE

Exclude List - "catalog/xxxxxxxxxxxxxxx/quarantine", "cgi-bin", "images"

 

Is there something wrong with this configuration?

 

Also, when I run site Monitor, I receive the email alright, but it reports always:

 

DELETED FILES:

Found a deleted file named

 

SIZE MISMATCH:

Size differences not checked due to deleted file(s)

 

TIME MISMATCH:

Time differences not checked due to deleted file(s)

 

PERMISSIONS MISMATCH:

Permissions not checked due to deleted file(s)

 

I did not delete any file...

 

Please let me know ASAP.

 

Regards.

 

Garacs1

Edited by garacs1

dunno what to write...

Link to comment
Share on other sites

In the least, the hacked files check should read in the files but it is saying it isn't. With these settings

Admin Directory - http://www.xxxxxxxxx...g/xxxxxxxxxxxx/

Admin Username - NO

Admin Password - NO

you are telling SiteMonitor to login securely using curl but not to use a username and password to login - not going to work. I suggest setting those three to blank (empty - nothing) and try again.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

In the least, the hacked files check should read in the files but it is saying it isn't. With these settingsyou are telling SiteMonitor to login securely using curl but not to use a username and password to login - not going to work. I suggest setting those three to blank (empty - nothing) and try again.

 

Hi Jack

 

I did try leaving them blank, but I still receive the same result.

 

I then tried to insert username and password, still same result. Is there something I am doing wrong?

dunno what to write...

Link to comment
Share on other sites

I can't think of anything else it can be. You can try running it manually (third Update button) with the Verbose option set on to see if that shows anything. You may want to check the servers error log too in case your host has error reporting turned off.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

I ran it locally, as you suggested, and now it reports:

 

No new files found...

No deleted files found...

No size differences found...

No time mismatches found...

No permissions mismatches found...

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sitemonitor ran on December 28, 2009, 5:11 pm

Total mismatches found were 0

Total files being monitored is 842

 

So now everything works perfectly fine - except the hack checking tool?

 

Ok, I will try and search for server error logs later in the new year. Thanks for the help ;-)

 

I wish you, and all oscommerce users, a great 2010!

 

Garacs1

dunno what to write...

Link to comment
Share on other sites

Hi,

 

I try to install this addon but when I go to admin and click SiteMonitor

 

the page shows

 

 

"No Right Permission Access

Please contact your Web Administrator to request

more access or if you found any problem."

 

anyone know how to fix it?? Thank you.

Link to comment
Share on other sites

"No Right Permission Access

Please contact your Web Administrator to request

more access or if you found any problem."

 

anyone know how to fix it?? Thank you.

This is a problem with your server or shop. If you can't login to admin at all, then you haven't setup that option yet. If it only fails for this contribution, then it is probably some permissions setting problem and your host would need to look at it.

Edited by Jack_mcs

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

If someone is able to hack into your site, they can alter your files to send them your customers information. I've seen this happen several times, thus the genesis of this contribution. This contribution will create a record of your files so that they can be checked at a later date. If any files have been added or deleted, or the size, timestamp or permissions were changed, you are notified via email. The script can be ran manually, but the best way is to set up a cron job so that the files are checked automatically.

 

The contribution can be found here.

 

Jack

 

Hello Jack,

I need help. The instructions read:

 

To set up the cron job, add the following as the cron command:

php /home/username/public_html/catalog/admin/sitemonitor.php

 

Where do I put that line? Where and in which file.

Thanks,

Hope

Link to comment
Share on other sites

Cron is a scheduling program on the server. The command is entered through its interface in the control panel, usually. The steps for that will vary with the control panel so it isn't something for this thread. Ask your host how to setup a cron job or, if they are a good host, ask them to set it up for you and they will.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

I'm in the process of adding Sitemonitor, added all following instructions, but Sitemonitor does not appear in my admin panel.

 

When I go to my website www.jfabs.com, I see this error message:

 

Warning: require(includes/boxes/sitemonitor.php) [function.require]: failed to open stream: No such file or directory in /home/jewelr10/public_html/includes/column_left.php on line 32

 

Fatal error: require() [function.require]: Failed opening required 'includes/boxes/sitemonitor.php' (include_path='.:/usr/local/php52/pear') in /home/jewelr10/public_html/includes/column_left.php on line 32

 

 

I tried installing manually and get this error message:

 

Warning: opendir(/home/username/public_html) [function.opendir]: failed to open dir: No such file or directory in /home/jewelr10/public_html/admin/includes/functions/sitemonitor_functions.php on line 162

 

Warning: readdir(): supplied argument is not a valid Directory resource in /home/jewelr10/public_html/admin/includes/functions/sitemonitor_functions.php on line 164

Reference file creation failed.

Edited by brians34
Link to comment
Share on other sites

I'm in the process of adding Sitemonitor, added all following instructions, but Sitemonitor does not appear in my admin panel.

 

When I go to my website www.jfabs.com, I see this error message:

 

Warning: require(includes/boxes/sitemonitor.php) [function.require]: failed to open stream: No such file or directory in /home/jewelr10/public_html/includes/column_left.php on line 32

 

Fatal error: require() [function.require]: Failed opening required 'includes/boxes/sitemonitor.php' (include_path='.:/usr/local/php52/pear') in /home/jewelr10/public_html/includes/column_left.php on line 32

 

 

I tried installing manually and get this error message:

 

Warning: opendir(/home/username/public_html) [function.opendir]: failed to open dir: No such file or directory in /home/jewelr10/public_html/admin/includes/functions/sitemonitor_functions.php on line 162

 

Warning: readdir(): supplied argument is not a valid Directory resource in /home/jewelr10/public_html/admin/includes/functions/sitemonitor_functions.php on line 164

Reference file creation failed.

You quite likely missed a step in the installation. Start over verifying each step. I think you will likely find your error.

Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?

Link to comment
Share on other sites

 

Warning: require(includes/boxes/sitemonitor.php) [function.require]: failed to open stream: No such file or directory in /home/xxx/public_html/includes/column_left.php on line 32

 

Fatal error: require() [function.require]: Failed opening required 'includes/boxes/sitemonitor.php' (include_path='.:/usr/local/php52/pear') in /home/xxx/public_html/includes/column_left.php on line 32

 

check if you added the code to admin/includes/column_left.php as it looks like you added it to includes/column_left.php incorrectly. all file changes are to admin directory not the catalogue side so you shouldn't have these errors on the shop.

I'm feeling lucky today......maybe someone will answer my post!

I do try and answer a simple post when I can just to give something back.

------------------------------------------------

PM me? - I'm not for hire

Link to comment
Share on other sites

You quite likely missed a step in the installation. Start over verifying each step. I think you will likely find your error.

 

OK, another rookie mistake. Changed the php files in the /catalog instead of the admin. Fixed those.

 

Now I'm getting an error in the admin panel:

 

Warning: opendir(/home/username/public_html) [function.opendir]: failed to open dir: No such file or directory in /home/jewelr10/public_html/admin/includes/functions/sitemonitor_functions.php on line 162

 

Warning: readdir(): supplied argument is not a valid Directory resource in /home/jewelr10/public_html/admin/includes/functions/sitemonitor_functions.php on line 164

 

 

In looking at the sitemonitor files in the admin folder, I notice that the Persmissions are set at 0644 and all other permissions are set to 0755. Would this cause the problem? If so, how do I change this?

Edited by brians34
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...