Jump to content
Jack_mcs

SiteMonitor

Recommended Posts

See the many previous posts on this error.

 

Sorry Jack, I see I missed the step Step 5: Go to admin->Sitemonitor->Configure, setup the various settings and

click Update.

 

I gotta be more careful.

Share this post


Link to post
Share on other sites

Sorry Jack, I see I missed the step Step 5: Go to admin->Sitemonitor->Configure, setup the various settings and

click Update.

 

I did that too - I did not click "update" as I hadn't altered the settings and I got the same error as you but works fine now. presumambly you have to "update" to set something in the module first and foremost.


I'm feeling lucky today......maybe someone will answer my post!

I do try and answer a simple post when I can just to give something back.

------------------------------------------------

PM me? - I'm not for hire

Share this post


Link to post
Share on other sites

I get this result:

Checked 55 directories containing a total of 432 files. Skipped 289 files.

I did not alter the exclude list (as far as I know) but it reads:

 

"testsite/newadminname/quarantine", "admin/quarantine", "cgi-bin","admin"

 

I have a renamed my admin folder so there is no "admin" folder on the website. I understand why the quaranteen files are excluded but why is "admin" excluded? Is that normal, and if so, do I need to alter that to "newadminname"?

 

Why are so many files skipped? I did search the topic si I hope I haven't missed the answer!


I'm feeling lucky today......maybe someone will answer my post!

I do try and answer a simple post when I can just to give something back.

------------------------------------------------

PM me? - I'm not for hire

Share this post


Link to post
Share on other sites

I get this result:

Checked 55 directories containing a total of 432 files. Skipped 289 files.

I did not alter the exclude list (as far as I know) but it reads:

 

"testsite/newadminname/quarantine", "admin/quarantine", "cgi-bin","admin"

 

I have a renamed my admin folder so there is no "admin" folder on the website. I understand why the quaranteen files are excluded but why is "admin" excluded? Is that normal, and if so, do I need to alter that to "newadminname"?

 

Why are so many files skipped? I did search the topic si I hope I haven't missed the answer!

Yes, you need to change the settings to fit your site. If you do not have a directory named admin, then admin should be removed from the list, though it doesn't hurt to be there. If you want some other directory to be skipped, then you should enter that directory into the list.

 

 

The hacker checking code skips all images, .txt and .zip files. Sometimes images are hacked but not worth checking, I don't think. If you find you have been hacked, then the images should be checked too. It happens but is rare, in my experience. It doesn't matter if .txt or .zip files are hacked unless you use those in some way, like providing download files. If you think it would be better to check evereything, you can edit the includes/site_monitor.php file to remove those entries.

Share this post


Link to post
Share on other sites

Yes, you need to change the settings to fit your site. If you do not have a directory named admin, then admin should be removed from the list, though it doesn't hurt to be there. If you want some other directory to be skipped, then you should enter that directory into the list.

 

Thanks Jack,

I guess it's the images that are being skipped.

I'm curious as to why the admin directory (or whatever its renamed as) would be excluded? Don't hackers hack admin files?


I'm feeling lucky today......maybe someone will answer my post!

I do try and answer a simple post when I can just to give something back.

------------------------------------------------

PM me? - I'm not for hire

Share this post


Link to post
Share on other sites

Thanks Jack,

I guess it's the images that are being skipped.

I'm curious as to why the admin directory (or whatever its renamed as) would be excluded? Don't hackers hack admin files?

On many sites, all of the files can't be monitored because the script will time out due to server settings. The admin is less likely to be hacked than the shop is but it can happen. If you hosting account will allow it, then you can monitor admin too.

Share this post


Link to post
Share on other sites

hi there

 

i installed and configured sitemonitor successful. It runs fine except one problem. I cannot exclude one folder. It doesn't work. I tried to choose from folderlist, tried to include it manually, tried to write it before other folders or after, nothing works! All other folders who i am excluding are working! I have read everything within the contrib, i added quotes and commas.

 

what the heck can be the problem here?

 

Thank you for a great contribution!

 

Regards

Oliver

Share this post


Link to post
Share on other sites

I don't even have a guess as to why that might happen. The code doesn't check the directories add to the list.

Share this post


Link to post
Share on other sites

On many sites, all of the files can't be monitored because the script will time out due to server settings. The admin is less likely to be hacked than the shop is but it can happen. If you hosting account will allow it, then you can monitor admin too.

 

I've allowed admin and it's not timing out so I'll keep it like that unless there's a problem.

 

I am getting the 2 emails issue described earlier in the topic when I click "Execute Sitemonitor". I tried the only fix I could find in the thread - delete the reference file on the server manually and then used the top update button followed by the next update button. No joy :( It's not a major problem just can't track down the cause. I don't normally get two emails from the website.

 

Otherwise, all seems fine. Thanks for your helpful contribution and support :)


I'm feeling lucky today......maybe someone will answer my post!

I do try and answer a simple post when I can just to give something back.

------------------------------------------------

PM me? - I'm not for hire

Share this post


Link to post
Share on other sites

I was having a few problems with this contrib that I would like to share. I think I was having the same problem as westindiestrader back in October.

 

I was getting “Failed to open file sitemonitor_reference.php” when I clicked on the Delete Reference File “update” button.

 

I've gone through a number of security processes and contribs prior to loading this contrib and I think the locking down of my admin directory had a lot to do with the problems I was having...

 

I had to chmod my admin folder, sitemonitor_log.txt and sitemonitor_configure.php to 0777 before I could get the contrib to work. I had locked and renamed my admin folder for obvious reasons but the contrib seemed to be able to detect the new admin folder and had it set correct in the Admin screen. I've since gone back and re-secured my admin folder and the contrib seems to continue to work OK. I’ll know better once things stabilize and I make more changes to my store.

 

I hope this helps someone in the future...

 

I’m also having the two emails and duplicate log entry problem mentioned above...

 

Anyone?

Edited by westerngecko

Share this post


Link to post
Share on other sites

I may have said all was ok too soon.... or maybe it's doing what it should...I do not know.

 

When I installed on my live site, I manually checked for hacked files and it gave some (mostly payment modules) that contain base64 unhacked code which were in i.e. "shop" folder (my test website). I excluded "shop" and executed sitemonitor - it said I had many deleted files (presumably as these are now excluded - the files are actually stil there - phew). I deleted the reference file so I'm not seeing the deleted files when I execute site monitor now.

 

1st QUESTION) the excluded folder is still being checked for hacked files - is that normal?

I altered a file on the test "shop" and it didn't pick it up so it's being excluded from "execute site monitor"

 

2nd QUESTION) should I be running two installations of site monitor or just one in route to cover both sites?

 

I hope that makes sense...


I'm feeling lucky today......maybe someone will answer my post!

I do try and answer a simple post when I can just to give something back.

------------------------------------------------

PM me? - I'm not for hire

Share this post


Link to post
Share on other sites

1- You lost me on this. It sounds like you said you excluded the shop, made a change and it didn't find it. And you conclusion was it didn't work? But ignoring that for a moment, you can't generally exclude the shop as a whole since SiteMonitor is ran within it. I suppose if the admin directory was in a different parent directory than the shop, that would be possible but I've never tested it under those conditions so I don't know what it would do.

 

2 - Both sites? I think you must be running admin and shop in different directories, as mentioned above. If so, you may need to create a new directory in the shop and run SiteMonitor from there.

Share this post


Link to post
Share on other sites

1- You lost me on this. It sounds like you said you excluded the shop, made a change and it didn't find it. And you conclusion was it didn't work? But ignoring that for a moment, you can't generally exclude the shop as a whole since SiteMonitor is ran within it. I suppose if the admin directory was in a different parent directory than the shop, that would be possible but I've never tested it under those conditions so I don't know what it would do.

 

2 - Both sites? I think you must be running admin and shop in different directories, as mentioned above. If so, you may need to create a new directory in the shop and run SiteMonitor from there.

 

I'm sorry if I didn't explain what I meant well.

My live shop is in route with admin below, my test shop is in a folder under route with admin below, 2 different databases. Let's call them "Catalogue" & "Test" folders. I have 2 site monitor running - 1 in "catalogue/admin" & 1 in "catalogue/test/admin".

 

1) Using the site monitor in "Catalogue" (my live site) "Execute Site Monitor" button worked with "test/admin" excluded i.e. didn't pick up the change to a file in "test".

 

BUT, when I used the bottom button to check for Hacked Files, Site Monitor checked "Catalogue" & "Catalogue/test" as it reported potentially hacked files from both my "Catalogue" & "test" sites. As "test" should be excluded, I found it odd that site monitor was still checking "test" for hacked files even though it should be excluded.

 

As I understand, one test is for changes to files and the other test is scanning for hacker code.

Why is it checking "test" for hacked code in files when it should be excluded? Doesn't the exclusion apply when it's checking for hacked code?

 

I hope that is clearer.


I'm feeling lucky today......maybe someone will answer my post!

I do try and answer a simple post when I can just to give something back.

------------------------------------------------

PM me? - I'm not for hire

Share this post


Link to post
Share on other sites

The exclude list doesn't apply to the hacker checking code. The hacker checking code checks all files in the directory it is in, in your case the root directory.

Share this post


Link to post
Share on other sites

The exclude list doesn't apply to the hacker checking code. The hacker checking code checks all files in the directory it is in, in your case the root directory.

Ok, that answers that question. So everything is working as it should (except double emails - is that a server issue?).

 

I just need to decide if it's best just to run one installation of Site Monitor in route checking both sites or to have an installation each on both test & live websites. What do you recommend?

 

Thanks again for your help & module.


I'm feeling lucky today......maybe someone will answer my post!

I do try and answer a simple post when I can just to give something back.

------------------------------------------------

PM me? - I'm not for hire

Share this post


Link to post
Share on other sites

Ok, that answers that question. So everything is working as it should (except double emails - is that a server issue?).

 

I just need to decide if it's best just to run one installation of Site Monitor in route checking both sites or to have an installation each on both test & live websites. What do you recommend?

I don't know what the problem is with the double emails. The code is setup to only send it once and I can't reproduce the problem. I've installed it into many shops and none of those are having such a problem so I suppose it could be the server or maybe how it is setup. Until I am able to reproduce it, it's unlikely to be fixed.

 

Running just one stands more chance of failing with timeouts. Other than that, it doesn't make any difference if you run one or two instances of the script.

Share this post


Link to post
Share on other sites

I don't know what the problem is with the double emails. The code is setup to only send it once and I can't reproduce the problem. I've installed it into many shops and none of those are having such a problem so I suppose it could be the server or maybe how it is setup. Until I am able to reproduce it, it's unlikely to be fixed.

 

Running just one stands more chance of failing with timeouts. Other than that, it doesn't make any difference if you run one or two instances of the script.

The double emails is more of an inconvenience than a problem - I can live with it. I'll keep two installations going for now.

 

Thanks again Jack.


I'm feeling lucky today......maybe someone will answer my post!

I do try and answer a simple post when I can just to give something back.

------------------------------------------------

PM me? - I'm not for hire

Share this post


Link to post
Share on other sites

I don't know what the problem is with the double emails. The code is setup to only send it once and I can't reproduce the problem. I've installed it into many shops and none of those are having such a problem so I suppose it could be the server or maybe how it is setup. Until I am able to reproduce it, it's unlikely to be fixed.

 

Odd, I'm not doing anything out of the ordinary with this contrib?

 

I've implemented most of the changes as per the sticky "Secure your site" thread so maybe this contrib is conflicting with another security change. I'm also getting duplicate log entries for every scan.

 

Anyone else getting duplicate emails?

Share this post


Link to post
Share on other sites

Sitemonitor problem...?

Everything seems to work fine and it picks up all changes - however as soon as a file is deleted, it stops monitoring changes to size, time and permissions... It will continue to monitor deletions but for the others I get the following messages in the emails:

 

SIZE MISMATCH:

Size differences not checked due to deleted file(s)

 

TIME MISMATCH:

Time differences not checked due to deleted file(s)

 

PERMISSIONS MISMATCH:

Permissions not checked due to deleted file(s)

 

..has anyone else had this problem?

Share this post


Link to post
Share on other sites

It's not a problem but is how the code works. You can read about it in several places in this thread.

Share this post


Link to post
Share on other sites

..does that not partially reduce the effectiveness of Siemonitor though?

If a hacker was to delete a file from the server leaving Sitemonitor no longer able to detect other types of changes (size, dates etc - until a new ref file is created), the hacker could set about changing other files and the only way to detect changes would be a manual comparison of all files..

...or have I missed something?

Share this post


Link to post
Share on other sites

It's a necessary evil due to server limitations. Hackers rarely, if ever, delete a file. But if they do, it will show up in your email and you should be able to determine at that time what was done.

Share this post


Link to post
Share on other sites

Please forgive me if my question turns out to be a dumb one. I first installed this contrib because I was told it was necessary to increase safety on my website. I later found out that on a Windows server, this can't be run automatically and has to be run manually. I've since then changed over to a Linux server and this morning I found out that I have to insert my username and password eventough, I don't want to run curl. And I just caught this bit in the instruction file remembering to go there to know how to run a cron job.

 

IMPORTANT NOTE:

There is a place in the configure file to load the username and password of

admin. This is needed in order to allow curl to be used. But if the configure

page is filled in while on a non-secure page, it is possible for someone

to obtain that login information. Using curl is not required unless your server

won't allow fopen to be used. In that case, you should enable ssl for your

admin so entering this information is safe. Otherwise, the curl options in the

sitemonitor_configure.php file can be ignored (set to blank spaces).

 

 

Let's say that I'm a bit confused by all this. I was installing this to make my site more secure and now if I'm understanding correctly, if I don't have SSL... I can get hacked? When? Is it all the time or only when I'm accessing this particular page that the info can be hacked or just at the moment of entering the info on the configuration page? And if just at the moment of filling out the info on the page, can I just manually edit the page on and FTP the page and be safe?

 

Is there anyway for me to set this contribution up without creating weaknesses?

 

And if I'm dumb, please have a good laugh... but help me still... :D

Edited by mariemeh

Share this post


Link to post
Share on other sites

Don't use that option. Per the instructions you posted,

Otherwise, the curl options in the sitemonitor_configure.php file can be ignored (set to blank spaces).

Or from the instructions on the configure page of the contribution in admin
If you don't want to use curl or it is not installed on your server, this setting can be ignored.

Share this post


Link to post
Share on other sites

 

I was installing this to make my site more secure and now if I'm understanding correctly, if I don't have SSL... I can get hacked?

Is there anyway for me to set this contribution up without creating weaknesses?

 

 

Site monitor doesn't increase or decrease security - it will help you be alerted if files have been altered and thus reduce the damage if you are hacked.

 

Why don't you have SSL? It's only around £50.00 per year. You're worried enough to edit files and FTP them rather than enter info on your site but it's fine for customers to enter data on your site when you're not protecting transfer of their data with SSL?

 

To be honest, if a site owner can't be bothered to buy SSL then I shop elsewhere.


I'm feeling lucky today......maybe someone will answer my post!

I do try and answer a simple post when I can just to give something back.

------------------------------------------------

PM me? - I'm not for hire

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×