Jack_mcs Posted November 12, 2010 Author Share Posted November 12, 2010 Adde the username and password but the problem persist. There isn't a password involved for the normal run so you probably entered in the curl settings. You need to fill in the start directory setting and leave the curl settings alone. As mentioned previously in this thread, you should look at the path in admin->modules and make sure your start directory entry matches the first part of that. You should also pay attention to the error that displays at the top of the confiugre page, assuming there is one, since it shows the usernames if they are not the same. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Troi Posted November 15, 2010 Share Posted November 15, 2010 If someone is able to hack into your site, they can alter your files to send them your customers information. I've seen this happen several times, thus the genesis of this contribution. This contribution will create a record of your files so that they can be checked at a later date. If any files have been added or deleted, or the size, timestamp or permissions were changed, you are notified via email. The script can be ran manually, but the best way is to set up a cron job so that the files are checked automatically. The contribution can be found here. Jack Hi Jack I love this contribution, it was very easy to install which I did after some monkey hacked my admin and set up an administrator account for himself dropped prices on items and then tried to buy them... pffff. Anyway I've followed your instructions to the letter with regards to installation but when I click on Site Monitor in the admin panel I get the following error message at the top the URL is >>>>>>>>>>>>>>> http://www.mysite.com.au/catalog/admin/sitemonitor_configure_setup.php?invalid_username=true the message is>>>>>>>>>>> Your username is invalid. Please change it and try again.: System -> /smhhome/4-web/47/bf/mysite.com.au/public/www/catalog/ - SiteMonitor -> smhhome/4-web/47/bf/mysite.com.au/public/www/catalog/ I've tried changing user names and double checked the configuration file and permissions to make sure it's writing correctly but to no avail. please help. Quote Link to comment Share on other sites More sharing options...
ebadjika Posted November 15, 2010 Share Posted November 15, 2010 Hello Jack, Wonderfull contribution. Seems to be good, but I have 3 error messages on the top Error ERROR_ADMIN_NAME Error ERROR_FILE_MANAGER Error ERROR_IMAGES_NOT_PROTECTED What can I do? Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted November 15, 2010 Author Share Posted November 15, 2010 the message is>>>>>>>>>>> Your username is invalid. Please change it and try again.: System -> /smhhome/4-web/47/bf/mysite.com.au/public/www/catalog/ - SiteMonitor -> smhhome/4-web/47/bf/mysite.com.au/public/www/catalog/ They have to match. Your's don't. Copy your system path to SiteMonitor's start directory setting. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Jack_mcs Posted November 15, 2010 Author Share Posted November 15, 2010 Hello Jack, Wonderfull contribution. Seems to be good, but I have 3 error messages on the top Error ERROR_ADMIN_NAME Error ERROR_FILE_MANAGER Error ERROR_IMAGES_NOT_PROTECTED What can I do? Those are defined in the admin/includes/languages/english/sitemonitor_admin.php file. Be sure they are in there. If you are using a different language, then you have copy that file to the other language directory. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Guest Posted November 17, 2010 Share Posted November 17, 2010 (edited) I think sitemonitor_functions.php line 431 should be if(is_dir($path."/".$file) && $file!="." && $file !="..")$size +=filesize($path."/".$file); Edited November 17, 2010 by snowbird Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted November 17, 2010 Author Share Posted November 17, 2010 I think sitemonitor_functions.php line 431 should be if(is_dir($path."/".$file) && $file!="." && $file !="..")$size +=filesize($path."/".$file); Good catch. Actually, that whole GetSize function is not needed. It should be deleted and the two calls to it should be changed to used filesize instead of GetSize. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
jamminjime Posted November 17, 2010 Share Posted November 17, 2010 Jack_mcs, You seem to be the most knowledgable about osCommerce. I have a problem that you may be able to answer. Soemone hacked my site. I found all of the admin logins and, what I think is, most of the files. However, there was a main form that they seemed to be using. XML.PHP. Any idea what this hack is? It seemed to give them access to my file manager, but I'm not THAT good with PHP. There was a lot of other files as well, but this one showed up in several places. It was in the root, the CSS folder, and ETC. Any help would be greatly appreciated. Thanks! Jim Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted November 18, 2010 Author Share Posted November 18, 2010 You seem to be the most knowledgable about osCommerce. I have a problem that you may be able to answer. Soemone hacked my site. I found all of the admin logins and, what I think is, most of the files. However, there was a main form that they seemed to be using. XML.PHP. Any idea what this hack is? It seemed to give them access to my file manager, but I'm not THAT good with PHP. There was a lot of other files as well, but this one showed up in several places. It was in the root, the CSS folder, and ETC. Any help would be greatly appreciated. Thanks! This is the support thread for SiteMonitor and that question isn't to do with it so you will need to ask in the general forums. I will say though that if you have the file manager installed, first, SiteMonitor should have notified you of that, and second, it should not be instaled. It is possible that that is how the hacker got in in the first place. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
altereco Posted November 19, 2010 Share Posted November 19, 2010 I just tried to install site monitor and I did everything in the directions but when I go to admin/sitemonitor/admin is says this in red at the top " Your username is invalid. Please change it and try again.: System -> /home/gogett9/public_html/ - SiteMonitor -> /home/username/public_html/" What am I supposed to do here? I didnt see anything in the directions about this and am a little lost because I don't know very much about this kind of stuff... Just trying to get my site secure. Thanks! Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted November 20, 2010 Author Share Posted November 20, 2010 I just tried to install site monitor and I did everything in the directions but when I go to admin/sitemonitor/admin is says this in red at the top " Your username is invalid. Please change it and try again.: System -> /home/gogett9/public_html/ - SiteMonitor -> /home/username/public_html/" What am I supposed to do here? I didnt see anything in the directions about this and am a little lost because I don't know very much about this kind of stuff... Just trying to get my site secure. Thanks! Step 5 says to setup the settings in the configure section. That message is showing that your SiteMonitor path doesn't match the systems path so it would appear you have not completed step 5. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
NewBudda Posted November 20, 2010 Share Posted November 20, 2010 I have the exact same problem, but don't know how to identify the right path. I tried the following: /var/www/vhosts/domain.de/ /var/www/vhosts/domain.de/httpdocs/shop/admin/ I am on a vServer. What am I missing here? Quote Open Source Newsletter: PhPList Open Source Questionnaire: Lime Survey Link to comment Share on other sites More sharing options...
Jack_mcs Posted November 20, 2010 Author Share Posted November 20, 2010 I have the exact same problem, but don't know how to identify the right path. I tried the following: /var/www/vhosts/domain.de/ /var/www/vhosts/domain.de/httpdocs/shop/admin/ I am on a vServer. What am I missing here? The correct path is displayed in the error on the configure page as system. Copy that into the start directory and click update. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
NewBudda Posted November 20, 2010 Share Posted November 20, 2010 Ok. I switched the paths and it worked. Thank you. I am now getting the error "Your images directory is not protected by a .htaccess file." I did not realise that this would have to be done. Where would I find out how to do this? Quote Open Source Newsletter: PhPList Open Source Questionnaire: Lime Survey Link to comment Share on other sites More sharing options...
Jack_mcs Posted November 21, 2010 Author Share Posted November 21, 2010 Ok. I switched the paths and it worked. Thank you. I am now getting the error "Your images directory is not protected by a .htaccess file." I did not realise that this would have to be done. Where would I find out how to do this? It's part of protecting your shop. SiteMonitor is telling you there is a security problem and you should fix it. Download a copy of the oscommerce package and use the .htaccess file from its images directory. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
NewBudda Posted November 21, 2010 Share Posted November 21, 2010 Thank you for your reply even though this doesn't seem to be part of the site monitor. I was not aware that I had deleted anything from the images folder and when I checked the original zip file (oscommerce-2.2rc2a.zip) I could a .htaccess in the images folder. There is one in the root folder of the shop but it doesn't mention the images folder. Would the htaccess be part of another add-on? Quote Open Source Newsletter: PhPList Open Source Questionnaire: Lime Survey Link to comment Share on other sites More sharing options...
Jack_mcs Posted November 21, 2010 Author Share Posted November 21, 2010 (edited) Thank you for your reply even though this doesn't seem to be part of the site monitor. I was not aware that I had deleted anything from the images folder and when I checked the original zip file (oscommerce-2.2rc2a.zip) I could a .htaccess in the images folder. There is one in the root folder of the shop but it doesn't mention the images folder. Would the htaccess be part of another add-on? No, it doesn't have anything to do with a contribution. It just wasn't included in previous releases of oscommerce but should have been. Edited November 21, 2010 by Jack_mcs Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
NewBudda Posted November 21, 2010 Share Posted November 21, 2010 (edited) I ran the first test and did the second. Half my website was moved into the quarantine folder. Obviuosly thats not the point. Should I disable the quarantine option? PS: OK, where would I find teh correct .htaccess file then? Edited November 21, 2010 by NewBudda Quote Open Source Newsletter: PhPList Open Source Questionnaire: Lime Survey Link to comment Share on other sites More sharing options...
Jack_mcs Posted November 21, 2010 Author Share Posted November 21, 2010 I ran the first test and did the second. Half my website was moved into the quarantine folder. Obviuosly thats not the point. Should I disable the quarantine option? The description for that option says any new files will be moved so having it set for a new install is not a good idea since they are all new. You should un without that option until you are sure everything is working. Then, if you want to use it, enable it, upload a new file and run it again (use the second or third update button) to see what happens. The quarantine option can be very useful but can also cause problems. Consider what happens if you have it set and then decide to upoad a new version of your index.php file. That would be quarantined, thus breaking your shop. In that case, you need to be sure to create a new reference file after the upload. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
NewBudda Posted November 21, 2010 Share Posted November 21, 2010 Would this be the correct htaccess file? http://addons.oscommerce.com/info/6066 ?? Quote Open Source Newsletter: PhPList Open Source Questionnaire: Lime Survey Link to comment Share on other sites More sharing options...
Jack_mcs Posted November 22, 2010 Author Share Posted November 22, 2010 Would this be the correct htaccess file? http://addons.oscommerce.com/info/6066 ?? I've already responded with how to get the correct file. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
altereco Posted November 22, 2010 Share Posted November 22, 2010 Hello, I just got site monitor working (I think) and when I go into "sitemonitor" within my admin it gives me this message at the top in red " WARNING: Your admin name is admin. That should be changed. WARNING: Your images directory is not protected by a .htaccess file." How do I do these two things? If I change the name of my admin will it break anything? and sorry I don't know much about developing, so the .htaccess is new to me. Thanks Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted November 22, 2010 Author Share Posted November 22, 2010 I just got site monitor working (I think) and when I go into "sitemonitor" within my admin it gives me this message at the top in red " WARNING: Your admin name is admin. That should be changed. WARNING: Your images directory is not protected by a .htaccess file." How do I do these two things? If I change the name of my admin will it break anything? and sorry I don't know much about developing, so the .htaccess is new to me. For the admin change, ask in the general forum or search for how to do that. For the htaccess, just read recent posts. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
anvip Posted November 22, 2010 Share Posted November 22, 2010 The line numbers for the hackers file is one off due to the <?php line. If you go to the next line, it is probably the list of hacker codes the script is checking for. The code reads in the files directly from the server. It can't find one if it isn't there. Are you sure you are looking in the correct images directory? About: WARNING: Your images directory contains .php files but it should not. Also found a php file in images directory, but after checking, I have no such file there ... Well, the glob page says Returns an array containing the matched files/directories, an empty array if no file matched or FALSE on error. Note: On some systems it is impossible to distinguish between empty match and an error. file: sitemonitor_admin.php if (count(glob(DIR_FS_CATALOG . DIR_WS_IMAGES . '*.php'))) { $messageStack->add(ERROR_IMAGES_HAS_PHP, 'error'); } If it's returning false, count() would count that as one value. Here is my solution file: sitemonitor_admin.php Replace if (count(glob(DIR_FS_CATALOG . DIR_WS_IMAGES . '*.php'))) { $messageStack->add(ERROR_IMAGES_HAS_PHP, 'error'); } with $phpdata = glob(DIR_FS_CATALOG . DIR_WS_IMAGES . '*.php'); if(empty($phpdata)) $phpdata = 0; else { $messageStack->add(ERROR_IMAGES_HAS_PHP, 'error'); } Quote Link to comment Share on other sites More sharing options...
NewBudda Posted November 22, 2010 Share Posted November 22, 2010 Would this be the correct htaccess file?http://addons.oscommerce.com/info/6066 ?? I've already responded with how to get the correct file. Sorry I must have missed it. English is not my first language :( I found the .htaccess file in the current release of oscommerce. Thank you! Quote Open Source Newsletter: PhPList Open Source Questionnaire: Lime Survey Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.