Jump to content
Jack_mcs

SiteMonitor

Recommended Posts

I have installed v1.9 sometimes it works but most times just times out, it runs for like a minute than i just get a blank page, and the hacking code scanner never worked, as soon as I runn it i get a blank page, is there any way of fixing this times out problems?

Share this post


Link to post
Share on other sites

I have installed v1.9 sometimes it works but most times just times out, it runs for like a minute than i just get a blank page, and the hacking code scanner never worked, as soon as I runn it i get a blank page, is there any way of fixing this times out problems?

There aren't any problems to fix. It is because you are scanning to many files and/or your host has the timeout on the server set too low. You will need to exclude some of the files.

Share this post


Link to post
Share on other sites

There aren't any problems to fix. It is because you are scanning to many files and/or your host has the timeout on the server set too low. You will need to exclude some of the files.

 

Usually works fine, but as soon as there is a new file or one modified then is when it just hangs. I got this from the log if it helps...

 

PHP Fatal error: Maximum execution time of 600 seconds exceeded in /httpdocs/admin/includes/functions/sitemonitor_functions.php on line 405, referer:

Share this post


Link to post
Share on other sites

Thanks for the reply but even after I created these 2 extra directories in shop root and admin root I still get the same errors.

 

I can't see any reference to these directories or creating them in the readme.txt.

 

1) Go to shop admin >> Site Monitor >> configure.

 

This runs sitemonitor_configure_setup.php, and there is an error at the top of the screen.

 

"Your username is invalid. Please change it and try again."

 

It is prompting with my mysql user and password in the Admin Username and Admin Password fields. Seems to be taking info fron configure.php rather than the administrators table.

 

Screen and readme.txt seems to indicate it should be a shop administrator rather than a mysql user.

 

2)Then when I blank that out, as I do not want to use curl, I get another error.

 

"jewel/xxfg/quarantine", "admin/quarantine", "cgi-bin","admin"

 

Which is exactly what was prompted in the excludes box, funnily enough I have changed my admin folder to xxfg as a security precaution so would expect it to prompt:

 

"jewel/xxfg/quarantine", "xxfg/quarantine", "cgi-bin","xxfg"

 

I tried

 

"quarantine", "xxfg/quarantine"

 

and still got the error message.

 

Any thoughts

 

G

 

I have the same problem - going to try 1.9

Share this post


Link to post
Share on other sites

A new version has been uploaded with these changes:

 

- Fixed problems in last two releases.

- Added check in the hacker test to look for php files in images directories.

- Added color coding to hacker results for quicker checking of the results.

Share this post


Link to post
Share on other sites

A new version has been uploaded with these changes:

 

- Fixed problems in last two releases.

- Added check in the hacker test to look for php files in images directories.

- Added color coding to hacker results for quicker checking of the results.

 

Tested version 2.2 :

I still have the same problem mentioned before:

If I change this line in sitemonitor_function.php

foreach ((array)glob("$sDir$slash*", GLOB_ONLYDIR) as $sSubDir) //recursive call

to:

foreach (glob("$sDir$slash*", GLOB_ONLYDIR) as $sSubDir) //recursive call

it works?


---------------

regards

sijo

---------------

 

Contrib: JMrating10 - Rate your products / osCommerce VTS - Virus & Threat Scanner

 

(osCommerce VTS now also checks for leading and trailing whitespace and also have a grep function)

Share this post


Link to post
Share on other sites

When executing 'Manually Execute Sitemonitor' there is no "Back" button.

If someone would like to have one, then do this:

In catalog/admin/includes/functions/sitemonitor_function.php find: (Near the end)

echo 'Email sent to shop owner.' .'<br>';
  }   

  if ($logfile)

and replace with:

echo 'Email sent to shop owner.' .'<br>';
  }   
echo '<br><br><td><input type=button value="Back" onClick="history.go(-1)"/></td>';
  if ($logfile)


---------------

regards

sijo

---------------

 

Contrib: JMrating10 - Rate your products / osCommerce VTS - Virus & Threat Scanner

 

(osCommerce VTS now also checks for leading and trailing whitespace and also have a grep function)

Share this post


Link to post
Share on other sites

This is a kewl contribution.

 

I have a question. How can I remove files from the hacked list if I know their safe?

I've gone back and pulled most of these off the install zip file and they are still coming up?

 

 

5 download.php

5 includes/functions/compatibility.php

5 includes/functions/general.php

2 includes/modules/payment/paypal_standard.php

5 xxx/configuration.php

5 xxx/modules.php

1 xxx/sitemonitor_configure.php

5 xxx/includes/classes/phplot.php

5 xxx/includes/functions/general.php

5 xxx/includes/javascript/calendarcode.js

5 xxx/includes/javascript/spiffyCal/spiffyCal_v2_1.js

5 xxx/includes/modules/newsletters/product_notification.php

 

Many times this appears to be the code location: osCommerce, Open Source E-Commerce Solutions

 

I've tried the delete Reference File and everything appears to be working but the above files are not safe?

 

 

"1 xxx/sitemonitor_configure.php "

 

first line is

 

<?php

Edited by aspenation

Share this post


Link to post
Share on other sites

I have a question. How can I remove files from the hacked list if I know their safe?

 

Many times this appears to be the code location: osCommerce, Open Source E-Commerce Solutions

 

You can't remove them from the hacked list but that option will be in a future version.

 

I hadn't noticed the line problem. It was working correctly at one point so I must have changed something to cause it to fail. I'll take a look at it when I get a chance.

Share this post


Link to post
Share on other sites

Hi,

 

Have just installed the new version, everything works great.

 

I have just gone to adjust a few files on the site and am trying to delete the old reference file and run it so new one is created but I am getting the follwing error still:

 

Fatal error: Maximum execution time of 30 seconds exceeded in catalog/admin/includes/functions/sitemonitor_functions.php on line 423

 

Now my question, is there any way in the code to allow for extending the period beyond 30 seconds to say 60, 180, 300 seconds etc? The reason I ask is that I would like to try and not exclude files from the scan - also the very first reference file created went without a hitch, just these replacements are doing this time out.

 

Any help would be appreciated.

 

Cheers!

Share this post


Link to post
Share on other sites

I have just gone to adjust a few files on the site and am trying to delete the old reference file and run it so new one is created but I am getting the follwing error still:

 

Fatal error: Maximum execution time of 30 seconds exceeded in catalog/admin/includes/functions/sitemonitor_functions.php on line 423

 

Now my question, is there any way in the code to allow for extending the period beyond 30 seconds to say 60, 180, 300 seconds etc? The reason I ask is that I would like to try and not exclude files from the scan - also the very first reference file created went without a hitch, just these replacements are doing this time out.

There is a command in the code to extend the time limit that will work in some situations. However, it won't work if your server is in safe mode so you may want to check with your host to see if that is the case. Many hosts will turn it off when asked. You can also try placing sleep commands in-between the various sections. For example, in admin/includes/functions/sitemonitor.php, find this line

/************** SEE IF THERE ARE ANY NEW FILES ****************/

and add this before it

sleep(100);

where 100 is 100 seconds. You can use any number you want. That will work on some servers but not on others - worth a try though. However, if it works and you have a bunch of them in the file so that it takes 10 minutes, for example, to complete, that is a ten minute window for a hacker to make changes that might go unnoticed. Probably very unlikely but something to be aware of.

Share this post


Link to post
Share on other sites

Very nice work, thank you for another great contribution. :)

 

Would it be possible to include automated cron configurable in the admin, as in the AutoBackup Database in Admin by spook (http://addons.oscommerce.com/info/2314)?

It would be a great help not to have to configure cron for each store.

 

Hope it can be included in a future release.


Patty

Share this post


Link to post
Share on other sites

Would it be possible to include automated cron configurable in the admin, as in the AutoBackup Database in Admin by spook (http://addons.oscommerce.com/info/2314)?

It would be a great help not to have to configure cron for each store.

I'm not familiar with that contribution, other than knowing it exists, but it is not possible to setup a cron job from admin. Maybe you are referring to setting some option the cron job uses but you can already do that in SiteMonitors admin settings.

Share this post


Link to post
Share on other sites

Thank you for your reply. :)

 

What I meant is to use a script that won't need to configure cron from admin, but will use a "fake" cron instead. It's in perl, if I'm not mistaken, and I've seen something like that used to set how often a script will run and doesn't use cron job. Works like a charm.

 

It's called "virtualCron": is a PHP class, that simulates a cron job, in order to execute scripts periodically without a real crontab command.

Edited by Patty

Patty

Share this post


Link to post
Share on other sites

It's called "virtualCron": is a PHP class, that simulates a cron job, in order to execute scripts periodically without a real crontab command.

Oh, I see. I will take a look at it when I have time.

Share this post


Link to post
Share on other sites

Hi Jack,

 

I updated to v2.2 from v2.1 and it seems to be working successfully. The only problem I'm noticing now is when I click on the radio button to check for updates, it tells me that 2 updates are available. Is there something else I need to edit to make sure or signify that I'm using the latest version?

 

Thanks

Share this post


Link to post
Share on other sites

I updated to v2.2 from v2.1 and it seems to be working successfully. The only problem I'm noticing now is when I click on the radio button to check for updates, it tells me that 2 updates are available. Is there something else I need to edit to make sure or signify that I'm using the latest version?

I forgot to update the version string in the file. It is in admin/sitemonitor_admin.php near the top. You can change it to 2.2 and the version checker will display correctly then.

 

Thanks for letting me know it is working.

Share this post


Link to post
Share on other sites

Hi,

I was using an older version of sitemonitor. I deleted all old files and uploaded the new ones.

I am getting an error

Fatal error: Call to undefined function: htmlspecialchars_decode() in /home/content/*/*/*/***/html/admin/sitemonitor_configure_setup.php on line 488

 

Did I do something wrong?

 

Thank you in advance.

Share this post


Link to post
Share on other sites

Hi,

I was using an older version of sitemonitor. I deleted all old files and uploaded the new ones.

I am getting an error

Fatal error: Call to undefined function: htmlspecialchars_decode() in /home/content/*/*/*/***/html/admin/sitemonitor_configure_setup.php on line 488

 

Did I do something wrong?

 

Thank you in advance.

Oh, I meant to put a check in for that. In admin/sitemonitor_configure_setup.php, find

htmlspecialchars_decode

and replace it with

html_entity_decode

. I haven't tested it but I think it will work.

Share this post


Link to post
Share on other sites

Hi Jack,

blank page after clicking Manually Check for Hacked Files. Tested on PHP 5.3.2 (Zend: 2.3.0) It is still not working, excluded directories (such as cache) are being monitored despite the fact that they're excluded. I'm sorry mate, version 1.9 works fine on the very same server.


Absinthe Original Liquor Store

Share this post


Link to post
Share on other sites

Oh, I meant to put a check in for that. In admin/sitemonitor_configure_setup.php, find

htmlspecialchars_decode

and replace it with

html_entity_decode

. I haven't tested it but I think it will work.

 

Thank you Jack. That worked.

I get this though.

I think it looks right but I am not sure what the mismatch is about.

-------------------------------------------

 

No new files found...

No deleted files found...

No size differences found...

Time Mismatch on stats/logs Last Changed on Thursday, 01 Jan 1970 00:00:00 GMT

No permissions mismatches found...

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sitemonitor ran on May 3, 2010, 11:25 am

Total mismatches found were 1

Total files being monitored is 9932

Email sent to shop owner.

Edited by artstyle

Share this post


Link to post
Share on other sites

Hi Jack,

blank page after clicking Manually Check for Hacked Files. Tested on PHP 5.3.2 (Zend: 2.3.0) It is still not working, excluded directories (such as cache) are being monitored despite the fact that they're excluded. I'm sorry mate, version 1.9 works fine on the very same server.

 

For the Manually check for Hacked Files problem, try the solution that worked for me.

See this message

Edited by sijo

---------------

regards

sijo

---------------

 

Contrib: JMrating10 - Rate your products / osCommerce VTS - Virus & Threat Scanner

 

(osCommerce VTS now also checks for leading and trailing whitespace and also have a grep function)

Share this post


Link to post
Share on other sites

Thank you Jack. That worked.

I get this though.

I think it looks right but I am not sure what the mismatch is about.

 

Time Mismatch on stats/logs Last Changed on Thursday, 01 Jan 1970 00:00:00 GMT

It is saying that that file has changed since the reference file was created. A log file like that will change quite often so it will keep showing up in the results. You can exclude the stats directory using the exclude dropdown, or edit the admin/includes/functions/sitemonitor_functions.php file by finding this line

                   (strcmp($file, "sitemonitor_log.txt") == 0) ||

and adding this below it

                   (strcmp($file, "logs") == 0) ||

Share this post


Link to post
Share on other sites

For the Manually check for Hacked Files problem, try the solution that worked for me.

See this message

Thanks, that worked but also produced this error message: Warning: Invalid argument supplied for foreach() in /hosting/www/mystore.com/www/admin/includes/functions/sitemonitor_functions.php on line 564

 

I've therefore tried to change this line:

foreach ((array)glob("$sDir$slash*", GLOB_ONLYDIR) as $sSubDir) //recursive call

to this:

  $tmpArray = glob("$sDir/*", GLOB_ONLYDIR);

 if (is_array($tmpArray) && ! empty($tmpArray))
 foreach ($tmpArray as $sSubDir) //recursive call

as suggested by Jack here

 

That worked fine and Manually Check for Hacked Files seems to be working now. So, we've moved somewhere, at least. The problem with excluded folders being monitored (cache, etc.,) remains. I'm unable to exclude them. BTW, any directory that has been added to the list cannot be removed by selecting again from the dropdown - it is no longer there - it has to be deleted manually from the box. Any ideas, Jack?


Absinthe Original Liquor Store

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×