Jack_mcs

SiteMonitor

The initial configure page should load, even though the settings may not be correct. It may be that it is timing out due to a large number of files in your account. If you have access to the error log, it might tell you what the problem is. Otherwise, your host should be able to tell you why it is failing. Don't ask for help with the script since most won't help. Explain that it is a commonly used script and that you want to know what is causing that error, which is a common, catch-all type of error.

 

Jack


Jack

 

Is there any way of setting specific files to ignore in the hack check?

 

For example, each time I run it on a client's site they get:

 

Checked 217 directories containing a total of 1253 files. Skipped 831 files. 11 suspected hacked files found.

Hacked Files Found

affiliate_show_banner.php

admin/database_admin.php

admin/includes/configuration_cache.php

admin/includes/classes/mime_decode.php

admin/includes/javascript/tiny_mce/plugins/paste/js/pasteword.js

admin/includes/javascript/tiny_mce/plugins/template/template.htm

admin/includes/javascript/tiny_mce/themes/advanced/js/about.js

includes/application_top.php

includes/boxes/calendar.php

includes/classes/seo.class.php

includes/modules/payment/paypal_ipn.php

 

And none of these files are suspect.


In admin/includes/functions/sitemonitor.php, find this line

$excludeFileArray[] = 'sitemonitor_functions.php';

and insert another below it with the name of the file you want to exclude, like

$excludeFileArray[] = 'application_top.php';

Doing that is probably OK if you know you are starting off with a clean setup of files. Otherwise, it defeats the purpose of the code. I plan to add some code to control that better at some point.


Hello Jack,

 

I wasn't getting any emails from site monitor so I started digging around.

Seems like the generated emails were considered to be junk emails by the host. At least that's my explanation for it.

 

I changed the message strings that compose the final email message '$msg' in 'sitemonitor_functions.php', now it is working.

Might be of help to some folks out there. Making these strings customizable could solve this issue for non-programmers.

 

Very nice contrib, thank you Jack.

 

Regards

Evolved


Jack I was reading through another thread and a Steve_S suggested using this bit of code on a php page to see what errors were being generated...

 

error_reporting(E_ALL);

ini_set("display_errors", 1);

 

You might recall that I was getting an HTTP 500 error whenever I tried to run your sitemonitor_configure_setup routine. In any case I decided to add the code I posted above to sitemonitor_configure_setup.php to see what would happen and lo and behold this was echoed to the screen...

 

Fatal error: Cannot redeclare microtime_float() (previously declared in /includes/auto_backup_db.php:45) in /includes/functions/sitemonitor_functions.php on line 396

 

As you'll see there is a conflict with spooks auto_backup contribution in that both contributions seem to declare some microtime_float function.

 

I know this isn't really your issue but I'm wondering if you might have a solution or could offer a suggestion as to how I might change sitemonitor_configure_setup to get past this.

 

Thanks in advance...

 

Dan


It's already been addressed in this thread. Either read back through it or use the search box below to find it.


It's already been addressed in this thread. Either read back through it or use the search box below to find it.

 

Thanks Jack...I found the post I needed regarding the function that was being declared twice and got that sorted out. My next problem was with the reference file and I discovered that I needed to chmod my admin directory to "777" to get it to work. I was under the impression that none of my permissions should be set that highly and I'm wondering if that directory needs to be set that way or if there is some other solution that will get the reference file set up without having to do that?

 

Dan


No, that's not a good idea, especially for the admin directory. Unfortunately, some hosts have their servers set up so that directories have to have 777 to run. But it could be an ownership problem in your case. If your images directory in the root does not require 777, then that is what it is. You should contact your host and see if they will fix that. But if your images directory requires 777 too, then it is how the server is set up and you are out of luck, unless you move to a more secure host.

Edited by Jack_mcs


Thanks Jack. I'll raise it with my ISP.

 

BTW, thanks also for the excellent contribution. With the reference file issue sorted out the program is working like a champ.

 

Next on my list of things to do is to figure out how to get a cron job to run.

 

Thanks again...

 

Dan


Hi Jack,

 

I have installed V1.9 and I have been able to get most things working just fine. The one that I am having an issue with is the Manually Check for Hacked Files capability. When I click the button, it returns this:

 

Warning: Invalid argument supplied for foreach() in /home/fourm3/public_html/scart3/admin/includes/functions/sitemonitor_functions.php on line 402

 

This goes on recursively for as many directories as it finds, then chokes when it tries to use this information on these lines...

 

Warning: array_merge() [function.array-merge]: Argument #2 is not an array in /home/fourm3/public_html/scart3/admin/includes/functions/sitemonitor_functions.php on line 405

 

 

It looks like line 402 is using the GLOB function to go through the directories and subdirectories, but it's choking for some reason, here's the snip:

 

function rglob($sDir, $sPattern, $nFlags = NULL) //recursive function to get array of all files and directories
{
 $aFiles = glob("$sDir/$sPattern", $nFlags); //get the initial directory

 foreach (glob("$sDir/*", GLOB_ONLYDIR) as $sSubDir) //recursive call where it chokes on line 402 <<---------------
 {
   $aSubFiles = rglob($sSubDir, $sPattern, $nFlags);
   $aFiles = array_merge($aFiles, $aSubFiles);
 }

 return $aFiles;
}

 

I added this:

echo '<pre>$afiles'.$afiles.'</pre>';

 

right after the $afiles = assignment, and the results came up blank, so the code must not be getting the directory names to go through.

 

I'm at a bit of a loss and I've searched for solutions through the rest of the forums posts, and as near as I can tell it hasn't cropped up for anyone else. Any ideas?

 

Matt


Hi Jack,

Warning: Invalid argument supplied for foreach() in /home/fourm3/public_html/scart3/admin/includes/functions/sitemonitor_functions.php on line 402

It might be that the DIR_FS_CATALOG in your configure file is not setup correctly.


It might be that the DIR_FS_CATALOG in your configure file is not setup correctly.

 

That's one of the first things I checked and it appears to be formatted correctly. This is the location that it is looking for right?

 

/home/XXXX/public_html/scart3/

 

I added the XXX for obfuscation and 'scart3' is the name of the installation directory, and is correct.

 

Usually the configuration folders all require the trailing slash, but looking at the SM code, that doesn't appear to be an issue either.

 

Does GLOB require any particular permissions? The file permissions are standard 644 (depending) and directory permissions are generally 755. Right now the owner is the user, but some of these functions require the owner to be changed to nobody. The other SM functions are working with standard user owner permissions. I changed ownership of the sitemonitor_functions.php file from one to the other without any change in the errors.


That's one of the first things I checked and it appears to be formatted correctly. This is the location that it is looking for right?

 

/home/XXXX/public_html/scart3/

 

I added the XXX for obfuscation and 'scart3' is the name of the installation directory, and is correct.

 

Usually the configuration folders all require the trailing slash, but looking at the SM code, that doesn't appear to be an issue either.

 

Does GLOB require any particular permissions? The file permissions are standard 644 (depending) and directory permissions are generally 755. Right now the owner is the user, but some of these functions require the owner to be changed to nobody. The other SM functions are working with standard user owner permissions. I changed ownership of the sitemonitor_functions.php file from one to the other without any change in the errors.

You can try changing this line

foreach (glob("$sDir/*", GLOB_ONLYDIR) as $sSubDir)

to

foreach ((array)glob("$sDir/*", GLOB_ONLYDIR) as $sSubDir)

 

and this line

array_merge($aFiles, $aSubFiles);

to

array_merge($aFiles, (array)$aSubFiles);

 

The second should take care of that error but I think the first is probably a server limit, like not enough memory for this script, or something like that.


You can try changing this line

foreach (glob("$sDir/*", GLOB_ONLYDIR) as $sSubDir)

to

foreach ((array)glob("$sDir/*", GLOB_ONLYDIR) as $sSubDir)

 

and this line

array_merge($aFiles, $aSubFiles);

to

array_merge($aFiles, (array)$aSubFiles);

 

The second should take care of that error but I think the first is probably a server limit, like not enough memory for this script, or something like that.

 

FYI, I'm using PHP 5.2.9.

 

Hey, that change seemed to work; the problem I now have is bumping up the timeout limit and the memory allocation settings. I bumped up the time to 120s (up from 30s) and the memory limit to 200mb (from 80mb), but I'm still hitting the limit. I was wondering if there was a way to do a separate exclusion for the hacker check than for the file change check? Do you have a recommendation for the execution and the memory limit? I have a decent sized server, but I have a heavily modified version of OSCMax with about 1700 files to run through when you include FCKeditor and other JS modifications I have made. I would like them to be scanned for changes, but not necessarily for hack tweaks.


I hadn't seen your other post recently on the previous page about excluding files. Will work on that.

 

So I have been upping memory and timeout time, and I have been lowering the 2000000 number you have set, and subsequent lowering has taken the error from this:

 

Fatal error: Allowed memory size of 209715200 bytes exhausted (tried to allocate 24 bytes) in /home/XXX/public_html/scart3/admin/includes/functions/sitemonitor_functions.php on line 401

 

 

to this:

 

Fatal error: Allowed memory size of 209715200 bytes exhausted (tried to allocate 24 bytes) in /home/XXX/public_html/scart3/admin/includes/functions/sitemonitor_functions.php on line 404

 

Which is moving the failure point from one array to another I think.

 

I fear that the previous changes I made to the array per your suggestion might not have fixed the original issue that I was having.


I think that I found another issue with the site traversal looking for files/directories. I have a client who created a subfolder inside of 'images' but he included commas in the folder name.

 

example:

"images/UPLOAD/Image/Products/Bottles, Openers and Wine Racks"

"images/UPLOAD/Image/Products/Oak chips, beans, staves"

"images/UPLOAD/Image/Products/Spoons, paddles and bags"

 

 

 

I have added "images/UPLOAD" to the exclusion list, but this is what it is finding every time it runs into a directory with a comma in the name:

 

Difference found: New-> images/UPLOAD/Image/Products/Oak chips Original-> beans

Difference found: New-> images/UPLOAD/Image/Products/Oak chips Original-> beans

Difference found: New-> images/UPLOAD/Image/Products/Oak chips Original-> beans

Difference found: New-> images/UPLOAD/Image/Products/Oak chips Original-> beans

Difference found: New-> images/UPLOAD/Image/Products/Oak chips Original-> beans

Difference found: New-> images/UPLOAD/Image/Products/Oak chips Original-> beans

Difference found: New-> images/UPLOAD/Image/Products/Bottles Original-> Openers and Wine Racks/_thumbs/_67618.jpg

Difference found: New-> images/UPLOAD/Image/Products/Bottles Original-> Openers and Wine Racks/_thumbs/_Corkscrewsmall.jpg

Difference found: New-> images/UPLOAD/Image/Products/Bottles Original-> Openers and Wine Racks/_thumbs/_67617.jpg

Difference found: New-> images/UPLOAD/Image/Products/Bottles Original-> Openers and Wine Racks/_thumbs/_67640.jpg

 

It also goes on to find a bunch of Time Mismatches, and permission problems which is understandable if it is reading the directory name/structure wrong.

 

What is interesting about this is that if I exclude just the "images" directory , it will skip everything just fine. But when I remove "images" and replace it with "images/UPLOAD" it finds those other subdirectories. I'm not sure why that is. I think that either way there might be a bug in reading the directory structure if it has commas.

 

Can anyone else reproduce this issue?
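
The split paths in the report above are what a comma-delimited reference record produces when a name itself contains commas. The following is an added example, not part of the original post and not SiteMonitor's code: it assumes such a comma-joined layout (the thread does not show the real file format) and contrasts it with a one-JSON-object-per-line reference file. The manifest_* function names, record fields and paths are hypothetical.

```php
<?php
// Added example (PHP 7.3+), not SiteMonitor's code. The comma-joined layout
// is an assumption inferred from the "Difference found" output above.

// Fragile: commas inside the path are indistinguishable from separators.
$path   = 'images/UPLOAD/Image/Products/Oak chips, beans, staves/label.jpg'; // constructed
$fields = explode(',', implode(',', [$path, 1024, '0644']));
echo count($fields), " fields read back, first is: {$fields[0]}\n";

// Robust: one JSON object per line, so the encoder escapes the name.
function manifest_write(string $file, array $records): void
{
    $out = '';
    foreach ($records as $rec) {
        $out .= json_encode($rec, JSON_UNESCAPED_SLASHES | JSON_THROW_ON_ERROR) . "\n";
    }
    file_put_contents($file, $out, LOCK_EX);
}

function manifest_read(string $file): array
{
    $lines = file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    if ($lines === false) {
        throw new RuntimeException("Cannot read reference file $file");
    }
    $records = [];
    foreach ($lines as $n => $line) {
        $rec = json_decode($line, true);
        if (!is_array($rec) || !isset($rec['path'])) {
            throw new RuntimeException('Corrupt reference entry on line ' . ($n + 1));
        }
        $records[$rec['path']] = $rec;   // key by the full, unsplit path
    }
    return $records;
}

// Report files added, changed or removed relative to the stored reference.
function manifest_diff(array $old, array $new): array
{
    $report = [];
    foreach ($new as $p => $rec) {
        if (!isset($old[$p])) {
            $report[] = "added: $p";
        } elseif ($old[$p] != $rec) {
            $report[] = "changed: $p";
        }
    }
    foreach (array_keys(array_diff_key($old, $new)) as $p) {
        $report[] = "removed: $p";
    }
    return $report;
}

// Constructed records: the reference, then a later scan with one edit.
$ref = sys_get_temp_dir() . '/reference_' . getmypid() . '.jsonl';
manifest_write($ref, [
    ['path' => $path, 'size' => 1024, 'sha256' => hash('sha256', 'original')],
]);
$scan = [$path => ['path' => $path, 'size' => 1024, 'sha256' => hash('sha256', 'modified')]];
print_r(manifest_diff(manifest_read($ref), $scan));
unlink($ref);
```

Storing a content hash next to size and time also lets the comparison flag a file whose modification time was reset after an edit.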


Those are invalid directory names so the SiteMonitor code won't handle them properly, nor should it. Have your client correct the names to fix the problem.


Those are invalid directory names so the SiteMonitor code won't handle them properly, nor should it. Have your client correct the names to fix the problem.

 

 

Ok I fixed those directory names and that seems to have cleared up the issue with the reference file and sitemonitor functions.

 

I thought that there might be a possibility that the commas in the directory names were messing with the Hacker Check functions, but I am still getting the same errors.

 

I changed the rglob() function code back to the original version and took another look at the errors. The number of errors seems to correspond closely to the number of directories that the system is supposed to be scanning, which is an encouraging sign. As a recap, these are the errors it was returning:

 

Warning: Invalid argument supplied for foreach() in /home/xxxxx/public_html/scart3/admin/includes/functions/sitemonitor_functions.php on line 406

 

Warning: array_merge() [function.array-merge]: Argument #2 is not an array in /home/xxxxx/public_html/scart3/admin/includes/functions/sitemonitor_functions.php on line 411

 

Warning: Invalid argument supplied for foreach() in /home/xxxxx/public_html/scart3/admin/includes/functions/sitemonitor_functions.php on line 406

 

Warning: array_merge() [function.array-merge]: Argument #1 is not an array in /home/xxxxx/public_html/scart3/admin/includes/functions/sitemonitor_functions.php on line 411

 

Warning: array_merge() [function.array-merge]: Argument #2 is not an array in /home/xxxxx/public_html/scart3/admin/includes/functions/sitemonitor_functions.php on line 411

 

Then at the end of the several hundred iterations, it finishes with this error:

 

Warning: Invalid argument supplied for foreach() in /home/xxx/public_html/scart3/admin/includes/functions/sitemonitor_functions.php on line 89

 

(For Reference)
Line 406 =  foreach (glob("$sDir/*", GLOB_ONLYDIR) as $sSubDir) //recursive call
Line 411 =  $aFiles = array_merge($aFiles, $aSubFiles);
Line 89 = foreach ($aFiles as $file)

 

 

It appears that the glob function is cycling through the directory structure fine, it is just having an issue loading the directory names into its array, which is what I assume that the code changes you suggested were trying to fix.

 

I went back and changed line 411 from

$aFiles = array_merge($aFiles, $aSubFiles);

to

array_merge($aFiles, (array)$aSubFiles);

 

by itself and it no longer returned an error on that line. So with that result I would assume that it is this code that is creating the infinite loop:

 

foreach ((array)glob("$sDir/*", GLOB_ONLYDIR) as $sSubDir)

 

Any thoughts?


Try changing this line

  foreach (glob("$sDir/*", GLOB_ONLYDIR) as $sSubDir) //recursive call

to this

  $tmpArray = glob("$sDir/*", GLOB_ONLYDIR);

 if (is_array($tmpArray) && ! empty($tmpArray))
 foreach ($tmpArray as $sSubDir) //recursive call


Those are invalid directory names so the SiteMonitor code won't handle them properly, nor should it. Have your client correct the names to fix the problem.


Tony Mazz


Hi Jack; along the lines of the directories to be ignored. I have one site that is mostly symbolic links. Is there a way to ignore them? Thanks for your efforts on this contribution.


Tony Mazz


Try changing this line

  foreach (glob("$sDir/*", GLOB_ONLYDIR) as $sSubDir) //recursive call

to this

  $tmpArray = glob("$sDir/*", GLOB_ONLYDIR);

 if (is_array($tmpArray) && ! empty($tmpArray))
 foreach ($tmpArray as $sSubDir) //recursive call

 

 

Well, it didn't crash, but I don't think it worked either. This is the message I got from the script:

 

Checked 1 directories containing a total of 0 files. Skipped 0 files. 0 suspected hacked files found.

 

Is there a better place that I can put an echo to see what is being sucked into the array or a better way to debug this?

 

My setup isn't really any different than a lot of other people, so I'm concerned that this is something that is stupid simple, and I'm just missing it.


Hi Jack; along the lines of the directories to be ignored. I have one site that is mostly symbolic links. Is there a way to ignore them? Thanks for your efforts on this contribution.

You can try entering them into the array that stores files to ignore. I provided instructions for doing that here recently.


Well, it didn't crash, but I don't think it worked either. This is the message I got from the script:

 

Checked 1 directories containing a total of 0 files. Skipped 0 files. 0 suspected hacked files found.

 

Is there a better place that I can put an echo to see what is being sucked into the array or a better way to debug this?

That would indicate the directories can't be read since glob is not returning an array. I suppose there could be something on your server preventing glob from working correctly. You could add print_r($tmpArray); to see the output but since the code is checking for that already, I don't think it will show you anything. You could try changing the initial directory set here

$aFiles = rglob(DIR_FS_CATALOG, '*');

to some sub-directory that you can manipulate, like

$aFiles = rglob('tmp', '*');

If that works, then you could expand the initial path until it fails.


In admin/includes/functions/sitemonitor.php, find this line

$excludeFileArray[] = 'sitemonitor_functions.php';

and insert another below it with the name of the file you want to exclude, like

$excludeFileArray[] = 'application_top.php';

Doing that is probably OK if you know you are starting off with a clean setup of files. Otherwise, it defeats the purpose of the code. I plan to add some code to control that better at some point.

Hi again; I found this code to exclude a file, would this work on directories, as well? I have tried a couple variations with no luck. Here is the error I am getting for each directory that is linked:

 

Warning: is_dir() [function.is-dir.html]: Stat failed for /home/XXXSSS/public_html/mannix (errno=13 - Permission denied) in /home/XXXSSS/public_html/admin/includes/functions/sitemonitor_functions.php on line 173

 

Thanks again...


Tony Mazz
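
A directory walk that handles the failure cases raised in this thread (a directory listing that fails, symbolic links, excluded subtrees), as an added example that is not part of any post and not SiteMonitor's code. It uses scandir() in place of the thread's glob() so that dotfiles such as .htaccess are listed, and it matches exclusions on the path relative to the root, which is an assumption about how exclusions should be scoped; walk_tree() and the demo paths are hypothetical.

```php
<?php
// Added example (PHP 7+), not SiteMonitor's code; walk_tree() is a hypothetical name.

/**
 * Return paths, relative to $root, of every regular file below it.
 * $exclude lists relative paths (a file or a whole directory) to skip.
 */
function walk_tree(string $root, array $exclude = [], string $rel = ''): array
{
    $dir = rtrim($root, '/') . ($rel === '' ? '' : '/' . $rel);

    // scandir(), like glob(), returns false on failure. (array)false is
    // [false], so a cast still runs the loop once with an empty name and the
    // next lookup starts at "/". Test the type instead of casting.
    $entries = is_readable($dir) ? scandir($dir) : false;
    if (!is_array($entries)) {
        error_log("walk_tree: cannot read $dir");
        return [];
    }

    $files = [];
    foreach ($entries as $name) {
        if ($name === '.' || $name === '..') {
            continue;
        }
        $relPath = $rel === '' ? $name : "$rel/$name";
        $path    = "$dir/$name";

        if (in_array($relPath, $exclude, true)) {
            continue;                    // excluded file or subtree
        }
        if (is_link($path)) {
            continue;                    // never follow symbolic links
        }
        if (is_dir($path)) {
            $files = array_merge($files, walk_tree($root, $exclude, $relPath));
        } elseif (is_file($path)) {
            $files[] = $relPath;
        }
    }
    return $files;
}

// Constructed demo tree under the system temp directory.
$root = sys_get_temp_dir() . '/walk_demo_' . getmypid();
mkdir("$root/images/UPLOAD", 0755, true);
mkdir("$root/includes", 0755, true);
file_put_contents("$root/includes/application_top.php", "<?php\n");
file_put_contents("$root/images/UPLOAD/photo.jpg", 'x');
file_put_contents("$root/.htaccess", "# dotfile, which glob('*') does not match\n");
@symlink('/', "$root/linked");           // a link the walk must skip

$found = walk_tree($root, ['images/UPLOAD']);
sort($found);
print_r($found);
```

Logging each unreadable directory, rather than silently returning an empty list, keeps a permissions problem from looking like a clean scan.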
