Jack_mcs Posted June 6, 2010 Author Share Posted June 6, 2010 Hello Jack, I installed your contribute and when I run Sitemonitor on the left applications menu, it returns an error: "Warning: opendir(http) [function.opendir]: failed to open dir: No such file or directory in /web/htdocs/domain_name/home/catalog/admin/includes/functions/sitemonitor_functions.php on line 420" I followed your suggestion modifying sitemonitor_functions.php in function folder to see what is the value of $dir and it return always "http" even if I change the value of Start Directory in many kinds of values. For example I tried: keeping blank, http, http://domain_name, http://domain_name/, http://domain_name/catalog, http://domain_name/catalog/, etc The domain_name value is my domain name of course... You should upload a clean sitemonitor_configure.php file and let the code fill in the start directory for you. If it is filling it in with something like http:..., then your configure file is setup incorrectly, in which case see here. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
mr_absinthe Posted June 6, 2010 Share Posted June 6, 2010 I wasn't offering a free installation. I'll leave that up tp you. If the problem you are having still exists, which I don't think it will, then I will take a look at it if you like. I know you weren't but I've noticed that you've uploaded new version just minutes after I've sent you the ftp details. I was just offering my server for you to find out what the problem is. I can certainly install the latest version myself and let you know if the problem is still there. Quote Absinthe Original Liquor Store Link to comment Share on other sites More sharing options...
Francys Posted June 6, 2010 Share Posted June 6, 2010 Hi I have updated sitemonitor to v2.4 thank you Jack for your powerfull contributions in this community. Following is a list of the siteMonitor Report: A - Can anyone tell if there is something blatently wrong with high hack probability in this list? B - Of course you will have a false positive in admin/sitemonitor_configure.php (the hacker code is written there) so one notice to future versions would be in install file exclude sitemonitor_configure.php: 0001 <?php 0002 /************** THE OPTIONS AND SETTINGS ****************/ 0003 $always_email = 1; //set to 1 to always email the results 0004 $verbose = 1; //set to 1 to see the results displayed on the page (for when running manually) 0005 $logfile = 1; //set to 1 to see to track results in a log file 0006 $logfile_size = 100000; //set the maximum size of the logfile 0007 $reference_reset = 0; //delete the reference file this many days apart 0008 0009 $quarantine = 0; //set to 1 to move new files found to the quarantine directory 0010 (...) 0018 $excludeList = array('quarantine_path', 'quarantine_path', 'quarantine_path', 'cgi-bin','admin'); //don't check these directories - change to your liking - must be set prior to first run 0019 $hackIgnoreList = array('jpg', 'jpeg','gif','png','txt','zip'); //don't check these types of files - change to your liking 0020 $hackCodeSegments = array('error_reporting(0)', 'base64_decode','<frame','gzdecode','eval','ob_start("security_update")'); //enter any hacker code that you would like to check for 0021 ?> C - includes/ajax.js.php - line 19 and 21 has eval is this eval ok or is it suspect in the javascripts 0001 <?php 0002 /* 0003 $Id: ajax.js.php, v1.0 2008/04/04 19:50:14 insaini Exp $ 0004 0005 osCommerce, Open Source E-Commerce Solutions 0006 http://www.oscommerce.com 0007 0008 Copyright (c) 2003 osCommerce 0009 0010 Released under the GNU General Public License 0011 */ 0012 ?> 0013 <script language="javascript" type="text/javascript"><!-- 0014 function getObject(name) { 0015 var ns4 = (document.layers) ? true : false; 0016 var w3c = (document.getElementById) ? true : false; 0017 var ie4 = (document.all) ? true : false; 0018 0019 if (ns4) return eval('document.' + name); 0020 if (w3c) return document.getElementById(name); 0021 if (ie4) return eval('document.all.' + name); 0022 return false; 0023 } 0024 (...) D- includes/functions/compatibility.php - line 84 has eval 0074 if (!function_exists('array_reverse')) { 0075 function array_reverse($array) { 0076 for ($i=0, $n=sizeof($array); $i<$n; $i++) $array_reversed[$i] = $array[($n-$i-1)]; 0077 0078 return $array_reversed; 0079 } 0080 } 0081 0082 if (!function_exists('constant')) { 0083 function constant($constant) { 0084 eval("\$temp=$constant;"); 0085 0086 return $temp; 0087 } 0088 } E - includes/functions/general.php - In line 483 eval 0479 if ($suburb != '') $streets = $street . $cr . $suburb; 0480 if ($state != '') $statecomma = $state . ', '; 0481 0482 $fmt = $address_format['format']; 0483 eval("\$address = \"$fmt\";"); 0484 0485 if ( (ACCOUNT_COMPANY == 'true') && (tep_not_null($company)) ) { 0486 $address = $company . $cr . $address; 0487 } 0488 0489 return $address; 0490 } F - includes/modules/payment/paypal_standard.php - line 345 base64 0342 // remove headers from the signature 0343 $signed = file_get_contents(MODULE_PAYMENT_PAYPAL_STANDARD_EWP_WORKING_DIRECTORY . '/' . $random_string . 'signed.txt'); 0344 $signed = explode("\n\n", $signed); 0345 $signed = base64_decode($signed[1]); 0346 0347 $fp = fopen(MODULE_PAYMENT_PAYPAL_STANDARD_EWP_WORKING_DIRECTORY . '/' . $random_string . 'signed.txt', 'w'); 0348 fwrite($fp, $signed); 0349 fclose($fp); G - /ultimate_seo_urls5/classes/Usu_Cache_Database.php - line 68 base64 detected 0065 usu::$cachefile_size = number_format( strlen( $row['cache_data'] ) / 1024, 2 ) . ' kb'; 0066 usu::$performance['time'] = microtime( true ); 0067 $this->md5check = md5( $row['cache_data'] ); 0068 $rawdata = gzinflate( base64_decode( $row['cache_data'] ) ); 0069 usu::$registry = unserialize( $rawdata ); H - /ultimate_seo_urls5/classes/Usu_Cache_Memcached.php -line 51 base64 detected 0049 if ( SEO_URLS_ENABLED != 'false' ) { 0050 usu::$performance['time'] = microtime( true ); 0051 if ( false === ( $rawdata = gzinflate( base64_decode( $this->get($this->cachename ) ) ) ) ) { 0052 return usu::$registry = Usu_Registry::getInstance(); 0053 } Thanks in advance Francys Quote Link to comment Share on other sites More sharing options...
wild.lucifero Posted June 6, 2010 Share Posted June 6, 2010 You should upload a clean sitemonitor_configure.php file and let the code fill in the start directory for you. If it is filling it in with something like http:..., then your configure file is setup incorrectly, in which case see here. Hello Jack, really many thanks for your answer. I checked again the configure.php file in admin directory. The only variabile that couldn't be set properly was DIR_FS_DOCUMENT_ROOT because the $DOCUMENT_ROOT isn't got from the system. I forced DIR_FS_DOCUMENT_ROOT to /web/htdocs/my_domain_name/home value in configure.php. But SiteMonitor Setup returns always http value in "Start Directory" and "Admin Directory" fields. I modified the sitemonitor_configure_setup.php to print the $filenameConfigure variabile because I think $dir gets the value from it and it returns correctly (I think) the value "/web/htdocs/my_domain_name/home/catalog/admin/sitemonitor_configure.php"... Of course I tried to set the DIR_FS_DOCUMENT to "http://www.my_domain_name" value in configure.php too. I'm really frustrated because I would run your contrib on my website, but I'm not able to do it... There is something wrong that I don't understand. Could you give me another idea to solve my problem, please? Really many thanks again Michele Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted June 7, 2010 Author Share Posted June 7, 2010 I checked again the configure.php file in admin directory. The only variabile that couldn't be set properly was DIR_FS_DOCUMENT_ROOT because the $DOCUMENT_ROOT isn't got from the system. The contribution is setup to run on a standard shop. If yours is not setup that way, I won't be able to help. For what it is worth though, if your shop is using your confiugre file and it is working, then this contribution should work. Maybe you have a configure file in the local directory or something like that that is causing it to work in a different way. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Francys Posted June 7, 2010 Share Posted June 7, 2010 (edited) Hi Ok i guess the files i posted aren't hacked (hence the lack of reply) i have been doing a bit of research and that is normal code, so i just mark them in excluded. I am newbie in this so consider it and give me a slack because i am learning stuff and sometimes i may post some irrelevant stuff bare with it and thanks. Have another issue, if it is relevant i appreciate reply... the site Monitor Report (i have fresh install) is returning truncated filenames: Found a new file named hipping.php Found a new file named ookie_usage.php Found a new file named ogoff.php Found a new file named hopping_cart.php Found a new file named ncludes/general.js Found a new file named ncludes/spiders.txt Found a new file named ncludes/header.php Found a new file named ncludes/footer.php Found a new file named ncludes/column_left.php What can be done to sort this... if you know ... i really appreciate answers. Thanks in advance Francys Edited June 7, 2010 by Francys Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted June 7, 2010 Author Share Posted June 7, 2010 Have another issue, if it is relevant i appreciate reply... the site Monitor Report (i have fresh install) is returning truncated filenames: Found a new file named hipping.php What can be done to sort this... if you know ... i really appreciate answers. That is due to the code removing the slash that it expects to be there but itsn't, so it is overshooting by one. That is a coding error in the contribution. To get around it, try adding a / to the start dir or removing it from the server path in the configure file (it shouldn't be there anyway). Francys 1 Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Francys Posted June 7, 2010 Share Posted June 7, 2010 That is due to the code removing the slash that it expects to be there but itsn't, so it is overshooting by one. That is a coding error in the contribution. To get around it, try adding a / to the start dir or removing it from the server path in the configure file (it shouldn't be there anyway). I tried and i added the /: In catalog/configure.php the final result is looking like: (...) define('HTTP_SERVER', 'http://www.mysite.com/'); define('HTTPS_SERVER', 'http://www.mysite.com/'); define('ENABLE_SSL', false); define('HTTP_COOKIE_DOMAIN', 'www.mysite.com'); define('HTTPS_COOKIE_DOMAIN', 'www.mysite.com); define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', '/catalog/'); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); (...) I added the final / on lines 1 and 2 (HTTP_SERVER and HTTPS_SERVER) and i am still getting the same behaviour in SiteMonitor Reports. Thanks in advance Francys Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted June 7, 2010 Author Share Posted June 7, 2010 I tried and i added the /: In catalog/configure.php the final result is looking like: (...) define('HTTP_SERVER', 'http://www.mysite.com/'); define('HTTPS_SERVER', 'http://www.mysite.com/'); define('ENABLE_SSL', false); define('HTTP_COOKIE_DOMAIN', 'www.mysite.com'); define('HTTPS_COOKIE_DOMAIN', 'www.mysite.com); define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', '/catalog/'); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); (...) I added the final / on lines 1 and 2 (HTTP_SERVER and HTTPS_SERVER) and i am still getting the same behaviour in SiteMonitor Reports. Thanks in advance Francys No, the first two entries should not have a trailing slash. See this thread for how to set it up. It may not be your problem but the obvious should always be fixed first. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
mr_absinthe Posted June 7, 2010 Share Posted June 7, 2010 Jack, I've just loaded and tested your latest version 2.4 - no update, I've simply deleted all old files related to the SiteMonitor via ftp. Good news is that the hacker works fine. Configuration Control page, the "From:" box also shows the word From: with the email address (From: [email protected]) If I remove From: from the box, the email message doesn't have from field correctly, uses server's. On each page load, The Exclude List box keeps offering folder "myadmin/quarantine" BUT it is NOT enclosed in quotation marks, the remaining folders such as 'cgi-bin' are OK. It looks like excluded directories are finally excluded as it was (on my servers) working with version 1.9. I have noticed, however the following: after creating the reference file, I've added another folder in the exclude list. The folder is called 'contest' however in the email it is called ontest, see here: Found a deleted file named ontest/AbsinthePlanet.jpg It looks like it is stripping the first letter, nothing to do with the folder name because when I deleted a file from backups folder, the message reads: Found a deleted file named yadmin/backups/db_backup.sql (where the admin is called myadmin). This appears only when adding a new folder to the exclude list, after a reference file was created. Please feel free to login to see what I mean, you've got the details already. Quote Absinthe Original Liquor Store Link to comment Share on other sites More sharing options...
Francys Posted June 8, 2010 Share Posted June 8, 2010 No, the first two entries should not have a trailing slash. See this thread for how to set it up. It may not be your problem but the obvious should always be fixed first. Ok i will have a loot into it and feedback later. Great contributer and helpfull, many thanks, really. Francys Quote Link to comment Share on other sites More sharing options...
Francys Posted June 8, 2010 Share Posted June 8, 2010 Ok i have read the configure settings thread, and i think my configure.php files are ok. One odd thing i discovered, i have catalog/configure.php, catalog/includes/configure.php and catalog/admin_dir/includes/configure.php Questions: A - I should remove catalog/configure.php right? (perhaps uploaded by mistake) but the rest are ok exactly like is told to in that thread. B - and still i have the same issue with Sitemonitor path... Can you be more specific towards the code and file to change so SiteMonitor can show the output paths properly. Thanks for everything, Francys Quote Link to comment Share on other sites More sharing options...
mr_absinthe Posted June 9, 2010 Share Posted June 9, 2010 Ok i have read the configure settings thread, and i think my configure.php files are ok. One odd thing i discovered, i have catalog/configure.php, catalog/includes/configure.php and catalog/admin_dir/includes/configure.php A - I should remove catalog/configure.php right? (perhaps uploaded by mistake) but the rest are ok exactly like is told to in that thread. Yes, delete the catalog/configure.php, you should only have two configure files with proper permissions - the permissions for the two configure.php files will vary according to the server your site is on - it could be 644, 444 or 400 which is correct. Quote Absinthe Original Liquor Store Link to comment Share on other sites More sharing options...
mr_absinthe Posted June 10, 2010 Share Posted June 10, 2010 On each page load, The Exclude List box keeps offering folder "myadmin/quarantine" BUT it is NOT enclosed in quotation marks, the remaining folders such as 'cgi-bin' are OK. This is fixed now. It looks like excluded directories are finally excluded as it was (on my servers) working with version 1.9. I have noticed, however the following: after creating the reference file, I've added another folder in the exclude list. The folder is called 'contest' however in the email it is called ontest, see here: Found a deleted file named ontest/AbsinthePlanet.jpg It looks like it is stripping the first letter, nothing to do with the folder name because when I deleted a file from backups folder, the message reads: Found a deleted file named yadmin/backups/db_backup.sql (where the admin is called myadmin). This appears only when adding a new folder to the exclude list, after a reference file was created. This is also fixed now. Once again, thank you for your great contributions and for taking time to help all of us! :thumbsup: Quote Absinthe Original Liquor Store Link to comment Share on other sites More sharing options...
LividWebmaster Posted June 14, 2010 Share Posted June 14, 2010 I can't seems to get it working. I installed everything and it appears to work, but when I try to set up the config I get an error. I have to have a folder excluded (I know that) but when I try something, like "test" is says it's not in quotes, even though it is. If I try 'test' I get the same error bar at the top, but it just says 'test' and has no error after it. It may be an install problem because my Exclude Selector has nothing in it. Anybody know whats going on. I've installed it and checked and it's is installed correctly from what I can tell, could this be because the admin folders name has been changed? Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted June 14, 2010 Author Share Posted June 14, 2010 A new version has been uploaded that should fix the problem with the missing characters and invalid paths some shops were having. My thanks to mr_absinthe for allowing me to test on his server to isolate the problem. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Evolved Posted June 15, 2010 Share Posted June 15, 2010 (edited) A new version has been uploaded that should fix the problem with the missing characters and invalid paths some shops were having. My thanks to mr_absinthe for allowing me to test on his server to isolate the problem. Hello Jack, first of all, thank you very much for your great work. I just installed the latest version and made some changes you might like to approve. In sitemonitor_functions around line 194, I changed: $hackedFiles[$ctr]['line'] = $line; $hackedFiles[$ctr]['file'] = $file; $hackedFiles[$ctr]['hackercode'] = $hackerCodeArray[$i]; To this: $hackedFiles[$ctr]['line'] = (int)($line+1); $hackedFiles[$ctr]['file'] = $file; $hackedFiles[$ctr]['hackercode'] = $hackerCodeArray[$i]; for ($j=$i+1; $j<$countInvalidCode; $j++) { for ($line = 1; $line < count($contents); $line++) { if (strpos($contents[$line], $hackerCodeArray[$j]) !== FALSE) { $hackedFiles[$ctr]['line'] .= (string)(', ' . (int)($line+1)); $hackedFiles[$ctr]['hackercode'] .= ', ' . $hackerCodeArray[$j]; } } } The line numbers should match and all possibles hackstrings and lines get listed now instead of only the first. Cheers Evolved Edited June 15, 2010 by Evolved Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted June 15, 2010 Author Share Posted June 15, 2010 first of all, thank you very much for your great work. I just installed the latest version and made some changes you might like to approve. Thanks for posting it. It isn't something I will add to the contribution but others may find it useful. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Evolved Posted June 15, 2010 Share Posted June 15, 2010 Thanks for posting it. It isn't something I will add to the contribution but others may find it useful. After posting I also noticed that the loop for checking the file lines should start with 0 like this: for ($line = 0; $line < count($contents); ++$line) Evolved Quote Link to comment Share on other sites More sharing options...
fuckoff Posted June 15, 2010 Share Posted June 15, 2010 I installed Site Monitor but cannot run the Admin because of the "Error Your username is invalid. Please change it and try again" I try to leave it empty or enter any of the admin accounts, but keep getting the same error. Additionally, the Admin Directory can't be changed. If the http is erased, then it seems to get the right directory, but if I choose update, it is never saved. Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted June 15, 2010 Author Share Posted June 15, 2010 I installed Site Monitor but cannot run the Admin because of the "Error Your username is invalid. Please change it and try again" I try to leave it empty or enter any of the admin accounts, but keep getting the same error. Additionally, the Admin Directory can't be changed. If the http is erased, then it seems to get the right directory, but if I choose update, it is never saved. You can't just leave the username empty or guess at it. See the previous posts regarding how to find the correct username. You can also edit the sitemonitor_configure.php file directly if your server won't allow updating it. Although, if that is the case, it probably won't run anyway since it needs to be able to change files. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
graeme john Posted June 16, 2010 Share Posted June 16, 2010 You can't just leave the username empty or guess at it. See the previous posts regarding how to find the correct username. You can also edit the sitemonitor_configure.php file directly if your server won't allow updating it. Although, if that is the case, it probably won't run anyway since it needs to be able to change files. I have the same problem, username incorrect and not saving. I just keep updating hoping eventually it will work itself out. I have tried the sitemonitor_configure.php route and it makes no difference Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted June 17, 2010 Author Share Posted June 17, 2010 I have the same problem, username incorrect and not saving. I just keep updating hoping eventually it will work itself out. I have tried the sitemonitor_configure.php route and it makes no difference Some people have reported that they needed to change the permissions of the SiteMoniotr files. I've never seen this but I suppose it is possible. If so, check what the permissions are set to for your images directory and then change the SiteMonitor files to the same. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
fuckoff Posted June 17, 2010 Share Posted June 17, 2010 You can't just leave the username empty or guess at it. See the previous posts regarding how to find the correct username. You can also edit the sitemonitor_configure.php file directly if your server won't allow updating it. Although, if that is the case, it probably won't run anyway since it needs to be able to change files. I think it was the Admin Directory: that was giving me problems rather than the admin account name and password. After updating the configuration it always shows as just http so It was helpful to edit the sitemonitor_configure.php directly. It's working now and backed up for safe keeping ;) Thanks for your time. -Jim Quote Link to comment Share on other sites More sharing options...
alba Posted June 17, 2010 Share Posted June 17, 2010 Ive had the same issues as everyone else has reported with v2.5 previous versions worked fine but this one keeps looping aroudn saying i have incorrect admin login details and if i empty those fields out as it suggests if not using curl then it comes up with errors saying my ignore list shouldnt end and start with quotes but ive left my existing configure file in place as i always have in the past Ive has to downgrade back to v2.4 to keep this working :( Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.