Jump to content
Jack_mcs

SiteMonitor

Recommended Posts

Hi same here updated to latest version and kept getting invalid username, I have reverted back to an older version for now, look forward to the update/ instructions how how to install this.

So many people were trying to run this without setting the username that I decided to add code to check for that. You should only see the invalid username message if your username is set at username. In that case it will take you to the configure section so you can change it. But since this version has a broken configure section, you won't be able to do that. So try editing the configure file manually and change the username to the correct username and it should work.

Share this post


Link to post
Share on other sites

A new version has been uploaded. The admin section should be working properly now and I removed the defined text since that was not being included correctly for all shops. Please test it and let me know if there are still any problems.

Share this post


Link to post
Share on other sites

A new version has been uploaded. The admin section should be working properly now and I removed the defined text since that was not being included correctly for all shops. Please test it and let me know if there are still any problems.

Jack,

 

I installed on both shops. So far it has run through all files including admin. Success message is correct, but the exclude box still will not save my settings. No problem editing manually though.

I will interested how mine works when I add a new product as that has always resulted in a timeout for me.

 

Thanks for the great contribution!

 

Tim

 

 

ps:

Any idea why this line trips the hacker check?

osCommerce, Open Source E-Commerce Solutions 

Line 5 in about 10 files comes back as suspect.

Edited by knifeman

Share this post


Link to post
Share on other sites

Jack,

 

I installed on both shops. So far it has run through all files including admin. Success message is correct, but the exclude box still will not save my settings. No problem editing manually though.

I will interested how mine works when I add a new product as that has always resulted in a timeout for me.

 

Thanks for the great contribution!

 

Tim

With a little over 17k products I had to exclude my images folder in order to prevent the timeout. I do have an .htaccess that prevents anything other than image files from being served from that folder though.


Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?

Share this post


Link to post
Share on other sites

With a little over 17k products I had to exclude my images folder in order to prevent the timeout. I do have an .htaccess that prevents anything other than image files from being served from that folder though.

Not sure how many files, but my images folder on one site is just under 18 meg.

I know when viewing through the Cpanel file manager it takes a long time for the list to render, so maybe there is a server issue.

 

Tim

Share this post


Link to post
Share on other sites

I installed on both shops. So far it has run through all files including admin. Success message is correct, but the exclude box still will not save my settings. No problem editing manually though.

Be sure you have reset the hacker code segments in the configure file to the original from the contribution. The previous version would have changed those.

ps:

Any idea why this line trips the hacker check?

osCommerce, Open Source E-Commerce Solutions 

Line 5 in about 10 files comes back as suspect.

Hmm, that's a very common line of text and I'm not see it fail on it in any of the installations I've done. Maybe the failure is due to the line above the one it is indicating?

Share this post


Link to post
Share on other sites

A new version has been uploaded. The admin section should be working properly now and I removed the defined text since that was not being included correctly for all shops. Please test it and let me know if there are still any problems.

 

Using "Manually Check for Hacked Files" come up with a blank page and no error. Tried in both IE & FF.

 

I have put this in admin/includes/functions/sitemonitor_functions.php at line 874 to have a 'Back' button:

echo '<td><input type=button value="Back" onClick="history.go(-1)"/></td>';

Just in case someone would like that..


---------------

regards

sijo

---------------

 

Contrib: JMrating10 - Rate your products / osCommerce VTS - Virus & Threat Scanner

 

(osCommerce VTS now also checks for leading and trailing whitespace and also have a grep function)

Share this post


Link to post
Share on other sites

Be sure you have reset the hacker code segments in the configure file to the original from the contribution. The previous version would have changed those.

Sorry to be so dense Jack. I am not sure I understand the direction.

 

I edited the admin file:

sitemonitor_configure.php I went as far as removing this line altogether:

 

$hackCodeSegments = array("error_reporting(0)", "base64_decode","<frame","gzdecode","eval"); //enter any hacker code that you would like to check for

And my exclude box will not save the changes. My sitemonitor_configure file has permissions of 644.

 

Tim

Share this post


Link to post
Share on other sites

Using "Manually Check for Hacked Files" come up with a blank page and no error. Tried in both IE & FF.

 

I have put this in admin/includes/functions/sitemonitor_functions.php at line 874 to have a 'Back' button:

echo '<td><input type=button value="Back" onClick="history.go(-1)"/></td>';

Just in case someone would like that..

It might be that the script is failing but you are not seeing the error due to how you server is setup. Take a look at your error log file and check for any entries related to this script.

Share this post


Link to post
Share on other sites

I edited the admin file:

sitemonitor_configure.php I went as far as removing this line altogether:

 

$hackCodeSegments = array("error_reporting(0)", "base64_decode","<frame","gzdecode","eval"); //enter any hacker code that you would like to check for

And my exclude box will not save the changes. My sitemonitor_configure file has permissions of 644.

The entries in the configure file have to start with a quote (") but the previous code was changing that to it ascii equivalent (') which would fail the comparison once loaded again. I was just saying to make sure the configure file uses " where it should.

 

If you remove a line from the configure file, it won't be saved because the code sees that as an error.

Share this post


Link to post
Share on other sites

It might be that the script is failing but you are not seeing the error due to how you server is setup. Take a look at your error log file and check for any entries related to this script.

 

I cant find any error logged.

Here is what I get trying to use "Manually Check for Hacked Files" (in IE):

sitemonitor.jpg

Translated:

This site can not be viewed in Internet Explorer

You can try this:

'Diagnose Connection Problems'

More information

 

Any idea?


---------------

regards

sijo

---------------

 

Contrib: JMrating10 - Rate your products / osCommerce VTS - Virus & Threat Scanner

 

(osCommerce VTS now also checks for leading and trailing whitespace and also have a grep function)

Share this post


Link to post
Share on other sites

Hi Jack,

 

i install the latest version from the contrib. The osc-contrib-side name it Version 2.1, but the zip-file contains a update-doc from V2.1 to V2.2 ?!?!

 

But my problems are the same

 

- the handling with exclude selector / exclude list on the setup-page is very difficult

- i get blank pages on the first three points on the admin-page

 

i despair

 

Best regaqrds

Anja

Share this post


Link to post
Share on other sites

I cant find any error logged.

Here is what I get trying to use "Manually Check for Hacked Files" (in IE):

sitemonitor.jpg

Translated:

This site can not be viewed in Internet Explorer

You can try this:

'Diagnose Connection Problems'

More information

Does this happen when you click on the bottom update button or on one of the links in the results?

Share this post


Link to post
Share on other sites

Does this happen when you click on the bottom update button or on one of the links in the results?

 

When I click the bottom update button..


---------------

regards

sijo

---------------

 

Contrib: JMrating10 - Rate your products / osCommerce VTS - Virus & Threat Scanner

 

(osCommerce VTS now also checks for leading and trailing whitespace and also have a grep function)

Share this post


Link to post
Share on other sites

All of a sudden, today whenever I click on any of the buttons or the admin or configure option I get a blank page. I have ran sitemonitor before but today it isn't working. Any clue whats goin on?


Contributions installed: Purchase without Account / STS/ All Products/ Header Tags Controller

Share this post


Link to post
Share on other sites

All of a sudden, today whenever I click on any of the buttons or the admin or configure option I get a blank page. I have ran sitemonitor before but today it isn't working. Any clue whats goin on?

Have you updated to the latest version? If you did, you may read the previous couple of pages. If not what version are you using?


Absinthe Original Liquor Store

Share this post


Link to post
Share on other sites

I haven't updated to the latest version. I'm using v 1.9..I want to know why it's just going blank rather than simply updating though. Unless this is an issue with 1.9?


Contributions installed: Purchase without Account / STS/ All Products/ Header Tags Controller

Share this post


Link to post
Share on other sites

When I click the bottom update button..

I don't know what it might be. Others aren't havng the problem, or at least not posting about it, and I don't see it in the sites I've installed it into so it must be something related to your setup, or maybe the version of php you are using.

Share this post


Link to post
Share on other sites

I haven't updated to the latest version. I'm using v 1.9..I want to know why it's just going blank rather than simply updating though. Unless this is an issue with 1.9?

That's usually caused by the code timing out. Maybe you added more files that caused the script to fail where it wouldn't before. You can try editing the exclude list to exclude more and see if it starts working.

Share this post


Link to post
Share on other sites

^ I just updated to the latest version and all is in order.

 

Jack any advice on what I should be looking for when I have a suspected hacked file? I realize I don't know what hacked code looks like. I'm sure if it was something big and obvious, I'd notice but if it was something more obscure then I wouldn't.


Contributions installed: Purchase without Account / STS/ All Products/ Header Tags Controller

Share this post


Link to post
Share on other sites

Hi Jack, I've just tested the latest version. Maybe I do not understand it's logic now or it is not working...

 

this is what I see on the page sitemonitor_configure_setup.php in Exclude List box: "contest","cache","feeds", "googlesitemap", "log", "admin"...

 

Do we agree that the script should not be looking in those directories for any changes? If yes, we're on the same track... The same folders are shown after I hit the update button. Next step, I move to /sitemonitor_admin.php and hit the update button in the Delete Reference File section. It takes quite long... and the output is email message containing this:

Found a new file named cache/xsell_products-espanol.cache64

Found a new file named cache/also_purchased-french.cache59

Found a new file named cache/also_purchased-english.cache78

and this...

Found a new file named contest/Absinthe_Contest_2006/ryan wot u bn doin_by_absinlee.jpg

Found a new file named contest/Absinthe_Contest_2006/original.sorry for the grayscale double_by_anonymous.rate

Found a new file named contest/Absinthe_Contest_2006/shadow_by_Gonzo.txt

and this...

Found a new file named admin/images/geo_flags/mv.gif

Found a new file named admin/images/geo_flags/sk.gif

Found a new file named admin/images/geo_flags/dm.gif

and many others...

 

Why is it monitoring those folders if I excluded them? To test it further, I deleted the cache (tools/cache control) and executed the sitemonitor - section Run Sitemonitor. Reference file is not deleted. Output, you may ask? This: 393 mismatches were found. Run the script manually or see the email for the actual mismatches. Of course that I saw the email, these are there:

Found a deleted file named cache/xsell_products-french.cache48

Found a deleted file named cache/xsell_products-english.cache45

Found a deleted file named cache/also_purchased-espanol.cache53

and many others...

 

Am I missing something obvious or have I been drinking too much absinthe? Either way if I exluded any folder in the version 1.9, it was not shown in any email message under any circumstances.


Absinthe Original Liquor Store

Share this post


Link to post
Share on other sites

^ I just updated to the latest version and all is in order.

 

Jack any advice on what I should be looking for when I have a suspected hacked file? I realize I don't know what hacked code looks like. I'm sure if it was something big and obvious, I'd notice but if it was something more obscure then I wouldn't.

There's no one thing to check for but, many times, the code that hackers add is the very first or the last one or two lines in a file. For a php file, the first line should always be just <?php, nothing else. So if you look at a suspected file and see the code segments shown in the configure section in those areas, then you need to look closer at that file. It could still be a hacked file but that sometimes takes an experienced eye to see it. In this version of SiteMonitor, when a file is shown as a suspected hacked file, if it is checked as being in the reference file and the dates match, then it is probably OK. That assumes it was good in the first place, of course.

Share this post


Link to post
Share on other sites

Hi Jack, I've just tested the latest version. Maybe I do not understand it's logic now or it is not working...

 

this is what I see on the page sitemonitor_configure_setup.php in Exclude List box: "contest","cache","feeds", "googlesitemap", "log", "admin"...

 

Do we agree that the script should not be looking in those directories for any changes? If yes, we're on the same

Yes, that is how it should work and is the same as previously versions.

 

Am I missing something obvious or have I been drinking too much absinthe? Either way if I exluded any folder in the version 1.9, it was not shown in any email message under any circumstances.

I don't have a reason why it is failing for you. Have you tried deleting the reference file? After you click on the Delete update button, if you look in the reference file does it have cache, admin, etc. listed? If so, the reference file is not being created correctly. If not, the code is not recognizing the paths. The code for the paths was changed in this version so, if it is the second situation, that is the problem. In that case, be sure the DIR_FS_CATALOG setting in the admin/includes/configure.php file has the correct path to your files and that that is the path in the SiteMonitor configure file.

Share this post


Link to post
Share on other sites

I don't know what it might be. Others aren't havng the problem, or at least not posting about it, and I don't see it in the sites I've installed it into so it must be something related to your setup, or maybe the version of php you are using.

 

I will try to investigate it when I get time..

PHP version: 5.2.13 (Zend: 2.2.0)


---------------

regards

sijo

---------------

 

Contrib: JMrating10 - Rate your products / osCommerce VTS - Virus & Threat Scanner

 

(osCommerce VTS now also checks for leading and trailing whitespace and also have a grep function)

Share this post


Link to post
Share on other sites

I will try to investigate it when I get time..

PHP version: 5.2.13 (Zend: 2.2.0)

I'm using the same versions, or close to them, so that shouldn't be the problem. If you can't find the reason and wouldn't mind providing me with ftp and admin access, I will take a look at it. I'm curious as to why so many are having problems when I can't get it to fail once.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×