Jack_mcs

SiteMonitor


Once I have this installed, I will just press the bottom button in admin>sitemonitor>admin, it tells me of suspected hacked files, and I go open them to verify if it's actually hacked, if it has code similar to the ones hackers use, right? Is this understanding correct?

Yes, that is correct for the hacker code checking part of the contribution.


Francys, on 22 February 2010 - 11:56 PM, said:

 

Hi, I have noticed this in the SiteMonitor contrib (http://addons.oscommerce.com/info/4441) when I run the option check for hacked files:

Checked 103 directories containing a total of 713 files. Skipped 531 files. 3 suspected hacked files found.

Ficheiros Hacked Encontrados

includes/modules/payment/paypal_standard.php

includes/modules/ultimate_seo_urls5/classes/Usu_Cache_Database.php

includes/modules/ultimate_seo_urls5/classes/Usu_Cache_Memcached.php

 

Ultimate SEO URLs 5 (http://addons.oscommerce.com/info/6768) is supposed to be trusted since it's a well broadcasted contribution. I haven't made any modifications to the original files except those needed for each contribution... Can anyone explain what is wrong with those files:

includes/modules/payment/paypal_standard.php

includes/modules/ultimate_seo_urls5/classes/Usu_Cache_Database.php

includes/modules/ultimate_seo_urls5/classes/Usu_Cache_Memcached.php

 

Is there any hack script in these or it's a false positive detection by sitemonitor and why is it showing

Thanks in advance

 

 

There's obviously an issue with the SiteMonitor code, I've never looked at it.

 

The files as downloaded are just fine.

 

Can anyone explain in a definitive way what is happening with site monitor... these 2 contribs are one of the major ones advised in this forum by the experts so it would be important to clarify this.

 

thanks in advance


I ran sitemonitor and it listed an image as being new but I don't remember having touched it. I just deleted it to be safe. What is the proper protocol for determining if images are safe?


Contributions installed: Purchase without Account / STS/ All Products/ Header Tags Controller


I ran sitemonitor and it listed an image as being new but I don't remember having touched it. I just deleted it to be safe. What is the proper protocol for determining if images are safe?

If you are unsure of a file, you need to take whatever steps are necessary to be sure it is a good file. Keeping a clean set of your files on your computer means you can upload a known good copy when in doubt.


Hello,

 

When I change the setting via admin -> configure, the file sitemonitor_configure.php is not updated after pushing the update button.

Next, when I pushed the update button, the slashes / in the start directory disappeared between the subdirectories, for example /usr/root/ -> usrroot

In the exclude list also the slashes disappeared and the " and , too.

 

Anyone recognises this?


If the settings are sticking it might be a permissions problem. You could try changing the permissions on the SiteMonitor files to 755 (or 777 if your host requires it).


Hi Jack

 

can you tell me what this means please?

 

this morning the site monitor email said "Time Mismatch on .htaccess Last Changed on Wednesday, 24 Feb 2010 02:44:00 GMT", but I checked the file and nothing's been changed in it.

 

At the same time there are plenty of this in the error log:

 

----------------

[24-Feb-2010 03:55:27] PHP Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20060613/uploadprogress.so' - /usr/local/lib/php/extensions/no-debug-non-zts-20060613/uploadprogress.so: cannot open shared object file: No such file or directory in Unknown on line 0

---------------

 

Thanks for reading

Isabella


~ Don't mistake my kindness for weakness ~


You should contact your host regarding the second error. With that type of error, it is generally a waste of time to try to locate the first.


Does that mean that the second error caused site monitor to assume that .htaccess had been changed when in fact it hadn't? sorry but it's confusing.


~ Don't mistake my kindness for weakness ~


Does that mean that the second error caused site monitor to assume that .htaccess had been changed when in fact it hadn't? sorry but it's confusing.

No, the errors have nothing to do with each other. Site monitor reported a mismatch in the date because the .htaccess file had been 'touched', whether it had been altered or not, on Wednesday, 24 Feb 2010 02:44:00 GMT. What were you doing on Wednesday, 24 Feb 2010 02:44:00 GMT? Did you even look at it? Restore it? Did your host restore all your files without telling you perhaps?


Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?
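An added example, not part of the thread and not SiteMonitor's own code: the difference between a file that was only 'touched' and one that was altered, and the earlier advice to compare against a known good copy, both come down to recording a content hash next to the timestamp. The function names, sample files and timestamp below are constructed for illustration.

```python
import hashlib
import os
import tempfile


def build_reference(root):
    """Map each relative path under root to (mtime, SHA-256 of contents)."""
    ref = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            ref[rel] = (int(os.path.getmtime(full)), digest)
    return ref


def compare(reference, current):
    """Classify paths: new, deleted, modified (bytes), touched (time only)."""
    report = {"new": [], "deleted": sorted(set(reference) - set(current)),
              "modified": [], "touched": []}
    for path, (mtime, digest) in sorted(current.items()):
        if path not in reference:
            report["new"].append(path)
        elif digest != reference[path][1]:
            report["modified"].append(path)   # contents changed: inspect it
        elif mtime != reference[path][0]:
            report["touched"].append(path)    # same bytes, new timestamp
    return report


def demo():  # constructed sample tree: one file touched, one altered, one added
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data, mode="wb"):
            with open(os.path.join(root, rel), mode) as fh:
                fh.write(data)
        os.makedirs(os.path.join(root, "images"))
        write(".htaccess", b"Options -Indexes\n")
        write("index.php", b"<?php echo 1;\n")
        reference = build_reference(root)
        os.utime(os.path.join(root, ".htaccess"), (1267000000, 1267000000))
        write("index.php", b"// appended\n", "ab")
        write("images/logo.gif", b"GIF89a")
        return compare(reference, build_reference(root))


if __name__ == "__main__":
    print(demo())
```

Running `build_reference` on a clean local copy and again on a downloaded copy of the live site gives the same comparison against a known good set of files.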


I didn't touch the site at all on that date, and it's the only file that reports having been touched on that date. However I checked it and it hasn't been modified. So I wonder, could it be that someone from outside tried to do something to it? I'm the only one with access to my files.


~ Don't mistake my kindness for weakness ~


Hi, before I get attacked I'd just like to say that I have changed all permissions to 777, 755, 666, and 644 like a trillion times, made sure my password and username were correct and ran, deleted my user name, pass, and directory to try with no curl, re-installed many times, checked my admin / include directory, and even contacted my host to tell them to fix it...they said there was probably something in the code. Hey Thanks! no kidding... can you let it work?

Anyway, I still come up with these errors when I try to run it but the Manual run works fine.

 

Example on the configuration:

PHP Warning: fopen(mysite/catalog/admin/sitemonitor_configure.php) [function.fopen]: failed to open stream: Permission denied in E:\mysite\catalog\admin\includes\functions\sitemonitor_functions.php on line 349 PHP Warning: fwrite(): supplied argument is not a valid stream resource in E:\mysite\catalog\admin\includes\functions\sitemonitor_functions.php on line 359

 

Example on the "delete reference":

PHP Warning: opendir(/home/username/public_html) [function.opendir]: failed to open dir: No such file or directory in E:\mysite\catalog\admin\includes\functions\sitemonitor_functions.php on line 162 PHP Warning: readdir(): supplied argument is not a valid Directory resource in E:\mysite\catalog\admin\includes\functions\sitemonitor_functions.php on line 164

 

 

If it is the permission problem, I'm not sure why it's not working or am I out of luck...admin folder to 777 and sitemonitor_functions.php to 666? If it's something I have to tell the host...what do I tell them to do? I'm sorry for the helplessness but I'm a complete noob.

 

Thanks for any help.

mike


I didn't touch the site at all on that date, and it's the only file that reports having been touched on that date. However I checked it and it hasn't been modified. So I wonder, could it be that someone from outside tried to do something to it? I'm the only one with access to my files.

Try creating a new reference file (top button in admin) and see if it happens again.


PHP Warning: opendir(/home/username/public_html) [function.opendir]:

The username is incorrect.


The username is incorrect.

 

Thanks for your help Jack, I truly appreciate it!

The pass is defaulting incorrectly so I can't update it without an error on the configure page. I changed my name and pass a while ago and have reinstalled sitemonitor since but it still defaults to the old one. Not sure how to clear that.


I didn't touch the site at all on that date, and it's the only file that reports having been touched on that date. However I checked it and it hasn't been modified. So I wonder, could it be that someone from outside tried to do something to it? I'm the only one with access to my files.

 

I noticed that when I used the IP Blocker in cpanel that my htaccess file showed up as being changed in site monitor. Could this apply in your case?


I'm feeling lucky today......maybe someone will answer my post!

I do try and answer a simple post when I can just to give something back.

------------------------------------------------

PM me? - I'm not for hire


Thanks for your help Jack, I truly appreciate it!

The pass is defaulting incorrectly so I can't update it without an error on the configure page. I changed my name and pass a while ago and have reinstalled sitemonitor since but it still defaults to the old one. Not sure how to clear that.

If the admin configure section isn't working properly, it is almost certainly due to server permissions. But to get around that, just edit the sitemonitor_configure.php file directly. Just be sure not to delete anything from it. Just change the needed settings and it should work.


If the admin configure section isn't working properly, it is almost certainly due to server permissions. But to get around that, just edit the sitemonitor_configure.php file directly. Just be sure not to delete anything from it. Just change the needed settings and it should work.

 

Hey Jack, thanks for all the help. I have updated my login and pass directly and get a different error. Permissions are set to "777" and I'm not sure what else to do. I do have a renamed (and pass protected) admin folder...if that matters.

 

on Delete Reference:

PHP Warning: opendir(http://mysite.com/catalog/) [function.opendir]: failed to open dir: not implemented in E:\mysite.com\catalog\admin\includes\functions\sitemonitor_functions.php on line 162 PHP Warning: readdir(): supplied argument is not a valid Directory resource in E:\mysite.com\catalog\admin\includes\functions\sitemonitor_functions.php on line 164

 

on Execute Sitemonitor command in Admin:

 

PHP Warning: opendir(http://mysite.com/catalog/) [function.opendir]: failed to open dir: not implemented in E:\mysite.com\catalog\admin\includes\functions\sitemonitor_functions.php on line 162 PHP Warning: readdir(): supplied argument is not a valid Directory resource in E:\mysite.com\catalog\admin\includes\functions\sitemonitor_functions.php on line 164

 

on Update in configure:

 

PHP Warning: fopen(E:/mysite.com/catalog/admin/sitemonitor_configure.php) [function.fopen]: failed to open stream: Permission denied in E:\mysite.com\catalog\admin\includes\functions\sitemonitor_functions.php on line 349 PHP Warning: fwrite(): supplied argument is not a valid stream resource in E:\mysite.com\catalog\admin\includes\functions\sitemonitor_functions.php on line 359

 

 

Thanks for everything,

Mike


I noticed that when I used the IP Blocker in cpanel that my htaccess file showed up as being changed in site monitor. Could this apply in your case?

 

Thanks for your reply.

I don't know if it has to do with the ip blocker at all, but it's not the first time my files are reported as having been changed even though I didn't touch them, and I am the only one with access to them.

Edited by Biancoblu

~ Don't mistake my kindness for weakness ~


Try creating a new reference file (top button in admin) and see if it happens again.

 

That's what I did, and I also replaced the htaccess file with one from a backup (just in case, even though I saw no changes in it), so far it hasn't happened again.


~ Don't mistake my kindness for weakness ~


Hey Jack, thanks for all the help. I have updated my login and pass directly and get a different error. Permissions are set to "777" and I'm not sure what else to do. I do have a renamed (and pass protected) admin folder...if that matters.

What's in your start directory setting?


Hello, can we discuss Site Monitor results here or is there a proper thread for this? Well, sorry if not, I will post here. Correct something if I'm wrong, help is appreciated, thanks,

 

 

**RESULTS OF SITE MONITOR SCAN**

Checked 103 directories containing a total of 859 files. Skipped 531 files. 3 suspected hacked files found.

Hacked Files Found in scan

modules/payment/paypal_standard.php

modules/ultimate_seo_urls5/classes/Usu_Cache_Database.php

modules/ultimate_seo_urls5/classes/Usu_Cache_Memcached.php

 

Questions:

1- Why is sitemonitor skipping 531 files

2- Why is paypal returning positive, I don't even have it installed, is it because of its code although it's a safe one...

3- I know you don't comment in contributions made by others, but I'm not asking you to... I'm just asking if you agree the reason Sitemonitor is returning positive in ultimate_seo_urls5 is because it is creating cache directories (but once again they are safe)

 

Answers will be greatly appreciated, keep up the good work and thanks.


Questions:

1- Why is sitemonitor skipping 531 files

2- Why is paypal returning positive, I don't even have it installed, is it because of its code although it's a safe one...

3- I know you don't comment in contributions made by others, but I'm not asking you to... I'm just asking if you agree the reason Sitemonitor is returning positive in ultimate_seo_urls5 is because it is creating cache directories (but once again they are safe)

All have been answered many times in this thread and/or in the documentation, but in short:

1 - because it skips files that aren't usually hacked

2 - because it uses code that is similar to a hacker's code

3 - because it uses code that is similar to a hacker's code


I just installed this and I'm getting this error:

 

Warning: chmod() [function.chmod]: Operation not permitted in /home/a6153676/public_html/drv/includes/functions/sitemonitor_functions.php on line 344

 

Also, the start directory is where the catalog files are, not admin, correct?


I just installed this and I'm getting this error:

 

Warning: chmod() [function.chmod]: Operation not permitted in /home/a6153676/public_html/drv/includes/functions/sitemonitor_functions.php on line 344

 

Also, the start directory is where the catalog files are, not admin, correct?

For the chmod problem, you can try the fixes mentioned in this thread. There have been several but I think the first was on the first page or two. If that doesn't work, you will need to ask your host about it since it is a permissions setting on the server.

 

The start directory is the top level directory that you want to start scanning. That is generally the root of the shop (where your catalog files are located).
