Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SiteMonitor


Jack_mcs

Recommended Posts

Thank you for your answer. It depends on the message from the script: If there are no changes found or if there is an missmatch, i get an e-mail. If there are new files found, I get no mail.

 

Andra

The only thing I can think of is that the script is not completing for some reason. In the SiteMonitor settings, check the verbos option and update it (if that option is not already set). Then go to the its admin section and click on the third update button. You should see all of the message displayed there. If it stops before all of the sections have been ran, then there is something in the new files, or wherever it is failing, that is causing the problem.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

The only thing I can think of is that the script is not completing for some reason. In the SiteMonitor settings, check the verbos option and update it (if that option is not already set). Then go to the its admin section and click on the third update button. You should see all of the message displayed there. If it stops before all of the sections have been ran, then there is something in the new files, or wherever it is failing, that is causing the problem.

Thank you, Jack. The verbos option is active, I tested it oncemore, still the same problem. I get this message:

"Found a new file named images/test/xy.jpg

Found a new file named images/test/xxx.jpg

No deleted files found..."

Nothing more, no mail.

Maybe there is not enough scriptpower on the server... But if there are just missmatches, it works...

 

Still I'm glad about your script, it is very helpful. Thank you.

 

Andra

Link to comment
Share on other sites

Thanks for any advice

 

Just came into this thread. Installed the latest version and now when I try and enter admin area I get this error

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/telepoin/public_html/admin/includes/filenames.php:1) in /home/telepoin/public_html/admin/includes/functions/sessions.php on line 97

 

Warning: Cannot modify header information - headers already sent by (output started at /home/telepoin/public_html/admin/includes/filenames.php:1) in /home/telepoin/public_html/admin/includes/functions/general.php on line 22

 

Been a while since I played in Osc so would appreciate any feedback

 

thanks Geoff

Geoff

 

Telegraph Point 2441

Australia

Link to comment
Share on other sites

Thank you, Jack. The verbos option is active, I tested it oncemore, still the same problem. I get this message:

"Found a new file named images/test/xy.jpg

Found a new file named images/test/xxx.jpg

No deleted files found..."

Nothing more, no mail.

Maybe there is not enough scriptpower on the server... But if there are just missmatches, it works...

The script isn't finishing. It might be a timeout issue or some file that is causing it to fail. Try excluding all directories. If it runs, add one in at a time, testing as you do until the cause is found.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/telepoin/public_html/admin/includes/filenames.php:1) in /home/telepoin/public_html/admin/includes/functions/sessions.php on line 97

 

Warning: Cannot modify header information - headers already sent by (output started at /home/telepoin/public_html/admin/includes/filenames.php:1) in /home/telepoin/public_html/admin/includes/functions/general.php on line 22

See the link in my signature for that error.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Thanks , tried that and all OK.

 

Reversed everything and removed site monitor and the error is still there?

 

Any other options?

This is the support thread for SiteMonitor. If you don't have SiteMonitor installed or your problem isn't related to it, you need to post your question in the appropriate thread.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

This is the support thread for SiteMonitor. If you don't have SiteMonitor installed or your problem isn't related to it, you need to post your question in the appropriate thread.

 

Thanks for nothing

 

I install site monitor into an oSc install that has been working for months and after the install of site monitor I cannot access my admin section.

Perhaps the reason I cannot access my admin section is because of site monitor?

Geoff

 

Telegraph Point 2441

Australia

Link to comment
Share on other sites

Thanks for nothing

 

I install site monitor into an oSc install that has been working for months and after the install of site monitor I cannot access my admin section.

Perhaps the reason I cannot access my admin section is because of site monitor?

Either you made an error in the installation or you need to clear your browser cache. Sometimes simply closing the browser and restarting it is sometimes enough to stop that error.

 

I'd clear your browser cache first, then recheck the installation steps closely. Site monitor does not change anything that would stop you from accessing your admin pages.

Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?

Link to comment
Share on other sites

Either you made an error in the installation or you need to clear your browser cache. Sometimes simply closing the browser and restarting it is sometimes enough to stop that error.

 

I'd clear your browser cache first, then recheck the installation steps closely. Site monitor does not change anything that would stop you from accessing your admin pages.

 

Thank you for a helpful reply.

 

I will try as you suggest.

 

My apologies for my post above - it was uncalled for.

Geoff

 

Telegraph Point 2441

Australia

Link to comment
Share on other sites

Jack, just wanted to say THANKS! I've installed the SiteMonitor on a friend's site and it discovered hacker files recently! They've uploaded several files to all writable directories of the web site. It seems that files have identical content and various filenames such as spill.php, spool.php or sql.php. This is a small preview of those files:

<? eval(gzinflate(base64_decode('DZfHDsTGEUR/xTdJ4IE5wZYFcplzWqaLwZxz5td7D32c6cGg6nX1P//9zz//Ks6k/7N6m7Hsk734M022gsD+lxfZlBd//sHFBbptAZN9DfCOkS7KBD2csD3B6/cdLurl+rFc4fJ0A4YBbhA8818ZJR5/TZB4wHxZRPrTgkPik27AgT7u4aHigaBc2AKjQjPqHcddIBNTflVwsk2pp9LyFS9gGVHI8aNw1G/2SapZF6qaUqu14drNMKrjEGXi3KZgERz+/CachCmy5fu6LnTT8qnvdnZr/OJR/ZGcJH6PPJRVn/Lqpph4bjI70sbJWuZJYFcLr5iDoN9IMSDwAVKL3qh2z2hsSxeVYuywg/weFvlFGp16ItXYntOIHOyIDc2RgFZyDKJUfU8ZDSu86FUYRX7T/KFdm73bC7LWl5alFhS8Pgq3FEBkGwrnaQqmeE014izZSQ0pLx6U5KkpyXEN9Q4R... etc. etc.

Thanks to SiteMonitor, we've noticed quite quickly and deleted those files and added .htaccess with this code:

php_flag engine off
<Files ~ "\.(php*|s?p?html|cgi|pl|ini)$">
deny from all
</Files>

We've also changed CHMOD to 757 because 775 was throwing errors. Few minutes after changing the permissions, I've noticed that new .htaccess files were uploaded to all of those directories so I've deleted them. Setting permissions to 757 is obviously no solution and I have also changed the ftp password - however there was no hacker trace in the ftp log. Would you have a solution how to avoid the above please? Is there a possibility of protecting writable directories? As far as I can tell, files have been patched and many security contributions are in place.

Absinthe Original Liquor Store

Link to comment
Share on other sites

Jack, just wanted to say THANKS! I've installed the SiteMonitor on a friend's site and it discovered hacker files recently! They've uploaded several files to all writable directories of the web site. It seems that files have identical content and various filenames such as spill.php, spool.php or sql.php. This is a small preview of those files:

 

We've also changed CHMOD to 757 because 775 was throwing errors. Few minutes after changing the permissions, I've noticed that new .htaccess files were uploaded to all of those directories so I've deleted them. Setting permissions to 757 is obviously no solution and I have also changed the ftp password - however there was no hacker trace in the ftp log. Would you have a solution how to avoid the above please? Is there a possibility of protecting writable directories? As far as I can tell, files have been patched and many security contributions are in place.

I'm glad it helped. I'm not following the question thoguh - can't tell what is being uploaded to where. But, in my experience, hackers are able to upload files because of some security hole, like the file manager one. Be sure you have renamed the admin directory and applied the patch to its application_top file. It they are still getting in, you should be able to relate the time the file was added as recorded in the SiteMonitor log with that in the ftp log.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

They've uploaded .php files to writable directories only. File manager does not exist there and admin was also renamed. Not sure what patch in application_top you mean, could you point me please?

There are several fixes floating around. This thread mentions one or two.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

When I'm in my admin and I go to Sitemonitor. The person who's logged in automaticaly changes in another user I don't recognize. I tested it on two different webshops. One time it changes in c and the other time in i. Please help.

I also cannot go to the admin.

 

Warning: opendir() [function.opendir]: Unable to access /home/username/public_html/ in /public/sites/www.site.nl/inlog/includes/functions/sitemonitor_functions.php on line 419

 

Warning: opendir(/home/username/public_html/) [function.opendir]: failed to open dir: No such file or directory in /public/sites/www.site.nl/inlog/includes/functions/sitemonitor_functions.php on line 419

 

This is also an error I get. If someone can help me thanks!

Edited by abe1983
Link to comment
Share on other sites

When I'm in my admin and I go to Sitemonitor. The person who's logged in automaticaly changes in another user I don't recognize. I tested it on two different webshops. One time it changes in c and the other time in i. Please help.

I also cannot go to the admin.

This is also an error I get. If someone can help me thanks!

Warning: opendir() [function.opendir]: Unable to access /home/username/public_html/ 

 

Is this the path to your store?:

/home/username/public_html/

 

I think you have to change username in this path..

Link to comment
Share on other sites

Is this the path to your store?:

/home/username/public_html/

 

I think you have to change username in this path..

 

Can you give me an example. This line automaticaly stood in the start dir field of the configurationpage of sitemonitor.

Thanks.

Link to comment
Share on other sites

Can you give me an example. This line automaticaly stood in the start dir field of the configurationpage of sitemonitor.

Thanks.

An example would be...

 

/home/abe1983/public_html/

 

Look in your cPanel -> file manager and at the top left you will likely see the path to your file space in a text box.

Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?

Link to comment
Share on other sites

An example would be...

 

/home/abe1983/public_html/

 

Look in your cPanel -> file manager and at the top left you will likely see the path to your file space in a text box.

 

I've got now this error:

 

Warning: opendir() [function.opendir]: Unable to access home/public/sites/ in /public/sites/www.deriemenshop.nl/inlog/includes/functions/sitemonitor_functions.php on line 419

 

Warning: opendir(home/public/sites/) [function.opendir]: failed to open dir: No such file or directory in /public/sites/www.deriemenshop.nl/inlog/includes/functions/sitemonitor_functions.php on line 419

 

And I've got still the problem with the inlog with another unknown user?

Link to comment
Share on other sites

I've got now this error:

Warning: opendir() [function.opendir]: Unable to access home/public/sites/ in /public/sites/www.deriemenshop.nl/inlog/includes/functions/sitemonitor_functions.php on line 419

What do you have in catalog/includes/configure.php on this line? :

define('DIR_FS_CATALOG', '/home/username/public_html/catalog/');

Link to comment
Share on other sites

I've installed the contribution on one of my sites and overall I think it's pretty slick. However, I do have one issue. I've noticed the log file and the reference file in several places now on my server. It appears those files are generated based on where the command is run from or something. In my case, I found copies in the catalog directory, the admin directory, and the directory where my cron script is located. Having those files in the catalog directory is a problem because it exposes the full directory structure and script names of my entire site in a public way. I'm not sure what I did to get the files to show up there, but the script should be modified so that the files are always stored in the admin directory where they can be protected. Also, the reference file is a php file, but if you load it in your browser, it displays the contents of the file. It may as well be a text file if you're going to do it that way... The contents of that file should probably be contained inside php tags so that the information is there, but not accessible directly from the browser.

 

It is possible I've configured my site incorrectly, so maybe this is mute point, but if not, it would be nice to figure out how to solve these issues, as the contribution could potentially make the site less secure.

Link to comment
Share on other sites

I've installed the contribution on one of my sites and overall I think it's pretty slick. However, I do have one issue. I've noticed the log file and the reference file in several places now on my server. It appears those files are generated based on where the command is run from or something. In my case, I found copies in the catalog directory, the admin directory, and the directory where my cron script is located. Having those files in the catalog directory is a problem because it exposes the full directory structure and script names of my entire site in a public way. I'm not sure what I did to get the files to show up there, but the script should be modified so that the files are always stored in the admin directory where they can be protected. Also, the reference file is a php file, but if you load it in your browser, it displays the contents of the file. It may as well be a text file if you're going to do it that way... The contents of that file should probably be contained inside php tags so that the information is there, but not accessible directly from the browser.

The output from the script is stored in the directory it is ran in, which should be admin. If you are running it from somewhere else, you will need to change the code to deal with that.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

What do you have in catalog/includes/configure.php on this line? :

define('DIR_FS_CATALOG', '/home/username/public_html/catalog/');

 

Thank you Sijo! It worked for one site, but the other I get this message!

 

Warning: opendir() [function.opendir]: open_basedir restriction in effect. File(/home/username/public_html/) is not within the allowed path(s): (/var/www/vhosts/site.nl/httpdocs:/tmp) in /var/www/vhosts/site.nl/httpdocs/catalog/inlog/includes/functions/sitemonitor_functions.php on line 419

 

Warning: opendir(/home/username/public_html/) [function.opendir]: failed to open dir: Operation not permitted in /var/www/vhosts/site.nl/httpdocs/catalog/inlog/includes/functions/sitemonitor_functions.php on line 419

 

Warning: chmod() [function.chmod]: Operation not permitted in /var/www/vhosts/site.nl/httpdocs/catalog/inlog/includes/functions/sitemonitor_functions.php on line 545

Cannot change the mode of file (/var/www/vhosts/site.nl/httpdocs/catalog/inlog/sitemonitor_configure.php)

Link to comment
Share on other sites

Thank you Sijo! It worked for one site, but the other I get this message!

 

You have to check that you have the right path in the script for this site too.

Make a file called test.php and put in this code:

<?php
echo $_SERVER['SCRIPT_FILENAME']
?>

FTP this file to your site root and execute it in your browser, e.g. :

www.yoursite.com/test.php

It will show you the path of your site..

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...