Jack_mcs

SiteMonitor


That worked fine and Manually Check for Hacked Files seems to be working now. So, we've moved somewhere, at least. The problem with excluded folders being monitored (cache, etc.,) remains. I'm unable to exclude them. BTW, any directory that has been added to the list cannot be removed by selecting again from the dropdown - it is no longer there - it has to be deleted manually from the box. Any ideas, Jack?

That's right. This was explained previously. I changed it so you have to erase the entry in the exclude box if you don't want it excluded, as opposed to selecting the dropdown as before.


Just wanted to make sure it's all OK and I also wanted to report as much as possible to make this work. Still, the problem with excluded directories being monitored remains. Any ideas please?



Just wanted to make sure it's all OK and I also wanted to report as much as possible to make this work. Still, the problem with excluded directories being monitored remains. Any ideas please?

No, I don't have any ideas. It seems to be working for everyone else. All I can suggest is be sure you are using the latest version and that your configure file has not been corrupted by the previous versions.


No, I don't have any ideas. It seems to be working for everyone else. All I can suggest is be sure you are using the latest version and that your configure file has not been corrupted by the previous versions.

OK, it might be just me, but I doubt it... perhaps nobody else noticed or tested the same way. I've also tried to delete the configure file and create it again using the latest version. Can someone please do the following test:

1/ make sure that the cache folder is in your exclude list of directories - Configuration Control

2/ using the first button, delete the reference file and create a new one.

3/ go to tools/cache control and delete some of your cache files, categories or also purchased or both

4/ go back to admin of sitemonitor and click Manually Execute Sitemonitor - if you see something like Found a deleted file named cache/categories_box-english.cache23_26, it is monitoring the excluded folder, my scenario.

 

The funny thing is that version 1.9 is working just fine and it is NOT monitoring the excluded folders. That fact is sort of showing that I've not made any stupid mistake, but I could be wrong.



The funny thing is that version 1.9 is working just fine and it is NOT monitoring the excluded folders. That fact is sort of showing that I've not made any stupid mistake, but I could be wrong.

You may want to try to delete the reference file before running a check (use the second update button). When you do that, the script should fail since it can't find the reference file. If it runs, it means you have a path issue and there is a reference file at some other location.


1/ I've deleted the reference file via ftp

2/ used the second button - and received - First time ran. Reference file was created and saved.

3/ used third button - No new files found... etc.

4/ deleted categories cache

5/ used third button - Found a deleted file named cache/categories_box-english.cache21

I've also tried:

1/ I've deleted the reference file again via ftp

2/ used the third button - and received - First time ran. Reference file was created and saved.



I've also noticed something... number of files.

When I used first, second or third button, the total number of files being monitored is 5554.

However, when I execute the fourth button - Manually Check for Hacked Files, the result is more realistic, closer to what it should be with excluded directories I think:

Checked 340 directories containing a total of 2848 files. Skipped 2701 files.

2848+2701=5549

Also, when I use the version 1.9 with exactly the same configure file, delete the reference file, create new one using the second button and run monitor with the third button, the total files being monitored is 2075.



I've also noticed something... number of files.

When I used first, second or third button, the total number of files being monitored is 5554.

However, when I execute the fourth button - Manually Check for Hacked Files, the result is more realistic, closer to what it should be with excluded directories I think:

Checked 340 directories containing a total of 2848 files. Skipped 2701 files.

2848+2701=5549

Also, when I use the version 1.9 with exactly the same configure file, delete the reference file, create new one using the second button and run monitor with the third button, the total files being monitored is 2075.

The hacker code section doesn't use the reference file to determine what is checked so the count will almost always be different.


The hacker code section doesn't use the reference file to determine what is checked so the count will almost always be different.

Well, it's a pity but I have to stick with v_1.9 :(



Posting in the hope that this might be helpful to someone. I installed the 2.2 version today and at first received three oddities. First, the "Your username is invalid - Please change it and try again" message. Second, the "Fatal error: Call to undefined function: htmlspecialchars_decode() in /home/content/*/*/*/***/html/admin/sitemonitor_configure_setup.php on line 488" message. Oddity number three was no update or reset buttons on the bottom of the configure page.

 

So I noticed as someone else on this board did that the password being called was for my SQL database and not my site admin. After a bit of thought, I decided to directly check out the file sitemonitor_configure.php (located in your admin folder). The section I was interested in looks like this:

 

$start_dir = '/home/username/public_html'; //your shops root
$admin_dir = 'http://www.yourdomain.com/admin'; //your shops admin
$admin_username = 'username'; //your admin username
$admin_password = 'password'; //your admin password
$excludeList = array("admin/quarantine", "cgi-bin","admin"); //don't check these directories - change to your liking - must be set prior to first run

 

I edited the 'username' and 'password' to fit my admin information. I then edited the $admin_dir to match my domain and admin folder location. Finally I changed the admin in front of /quarantine in the $excludeList to match my admin location. I saved and entered back into my site. First problem was solved. No more username invalid message.

 

Next thing I took care of was the fatal error. I noticed a post with the same problem that Jack had already answered. This worked for the original post and also worked for me.

 

In admin/sitemonitor_configure_setup.php , find

htmlspecialchars_decode

and replace it with

html_entity_decode

That solved the fatal error problem and also surprisingly took care of the buttons issue (well it surprised me anyway). Both buttons appeared at the bottom of the configure page now and I also had a correct Sitemonitor Admin page now.

 

Now that I had update buttons I decided to try to remove my admin username and password using the configure page. This worked and I do not need them entered it appears.

 

In retrospect, I likely should have solved these in reverse order and then I could have just used the configure page to update. But the direct file edit worked in the end. I have now run and tested the contribution a few times. It is working excellently on my site. Thank you Jack!

 

All of this is probably dumb for anyone who knows what they are doing, but in case it is helpful to other newbies like me I thought I would post.

 

Now 2 questions for those who know far more than me:

1. Is there a reason I should run using CURL as opposed to not using it?

2. Would it make sense for better security to download a copy of sitemonitor_reference.php to my local hard drive? Since this is the reference file, would it be better to not store it online? Would this cause errors later when I uploaded it and then ran sitemonitor?


Posting in the hope that this might be helpful to someone. I installed the 2.2 version today and at first received three oddities. First, the "Your username is invalid - Please change it and try again" message.

 

Now 2 questions for those who know far more than me:

1. Is there a reason I should run using CURL as opposed to not using it?

2. Would it make sense for better security to download a copy of sitemonitor_reference.php to my local hard drive? Since this is the reference file, would it be better to not store it online? Would this cause errors later when I uploaded it and then ran sitemonitor?

Regarding the username is invalid, that was added because sooooo many people failed to set the username. The way the code works is that when you first go to admin->SiteMonitor, it reads in the configure file. That configure file, on a new install, will have the username set to username, which is invalid, so the code redirects you to the configure page and shows the invalid username message. But once that page loads, the code also reads in the shop's configure file and preloads the real username so that when you get to the configure page, it appears SiteMonitor is set up correctly, but it isn't. You have to save those settings to actually save the username, otherwise the sitemonitor configure file will still have username as a username and you'll be caught in a loop. I'll add a note to the next version that explains one needs to save the configure settings.

 

The curl option is only needed if your host won't allow the script to run without it.

 

Saving the reference file won't help since it will almost certainly be changed at some point.


Thanks for this useful contribution.

 

I have a question though.

 

If it finds a deleted file(s), then in the email report that it sends, it lists them but at the end of the file it says

 

SIZE MISMATCH:

Size differences not checked due to deleted file(s)

 

TIME MISMATCH:

Time differences not checked due to deleted file(s)

 

PERMISSIONS MISMATCH:

Permissions not checked due to deleted file(s)

 

---

 

Is this normal? Shouldn't it check for these as well regardless of whether it found a deleted file or not?

 

And is there a way to only check for size, time/date, and permissions mis-matches?

If not then that would be a useful addition to this util.


If it finds a deleted file(s), then in the email report that it sends, it lists them but at the end of the file it says

 

SIZE MISMATCH:

Size differences not checked due to deleted file(s)

 

TIME MISMATCH:

Time differences not checked due to deleted file(s)

 

PERMISSIONS MISMATCH:

Permissions not checked due to deleted file(s)

 

---

 

Is this normal? Shouldn't it check for these as well regardless of whether it found a deleted file or not?

 

And is there a way to only check for size, time/date, and permissions mis-matches?

If not then that would be a useful addition to this util.

Yes, that is normal, as explained several times in this thread.


So in other words if you want it to also check for size, time/date, and permissions mis-matches one will have to customise the code.

 

This would make this a more useful contribution, because it hasn't shown size and time/date mis-matches once yet, not even on a hacked site.


So in other words if you want it to also check for size, time/date, and permissions mis-matches one will have to customise the code.

 

This would make this a more useful contribution, because it hasn't shown size and time/date mis-matches once yet, not even on a hacked site.

No, the code already monitors those too. When deletions occur, you should verify they are valid and then re-create the reference file, or set the days setting to do so automatically.


Yes the code may monitor it but if there's a deleted file(s) found then you can't find out about these other mis-matches.

It looks like only if there isn't any deleted file(s) will it show/check for the other mis-matches.

 

So if you delete the reference file and create a new one like you suggest, then you won't know about the other mis-matches.


Yes the code may monitor it but if there's a deleted file(s) found then you can't find out about these other mis-matches.

It looks like only if there isn't any deleted file(s) will it show/check for the other mis-matches.

 

So if you delete the reference file and create a new one like you suggest, then you won't know about the other mis-matches.

An email is sent with the current conditions when a new reference file is created. As mentioned, this has all been covered before. Please read through the thread for a more detailed explanation.


A new version has been uploaded with these changes:

 

- Added code to display correct line numbers in the hacker results.

- Added ob_start("security_update") to the hacker list.

- Added line numbers to the hacker popup to make it easier to find the offending code.

- Added hacker code word that was found in the file to the result display for easier identification.

- Added ability to exclude hacked files from the search.

- Changed code to allow hacker code with quotes to be tested.

- Changed configuration and admin settings so that single, instead of double, quotes are used.

- Changed code to use correct function based on php version.

- Changed code so that the glob function doesn't need to be type casted for some servers (hopefully).

 

Please note: the configure file format has changed. If you are upgrading, you must edit your configure file per the update instruction file or the contribution will not work.


Jack, I upgraded from 2.2 to 2.3 today and am now having timeout problems when I try to create the reference file, I was not having this problem before the update.

 

Here's the error message:

 

Fatal error: Maximum execution time of 30 seconds exceeded in /home/myaccount/public_html/admin/includes/functions/sitemonitor_functions.php on line 463


Jack, I upgraded from 2.2 to 2.3 today and am now having timeout problems when I try to create the reference file, I was not having this problem before the update.

 

Here's the error message:

 

Fatal error: Maximum execution time of 30 seconds exceeded in /home/myaccount/public_html/admin/includes/functions/sitemonitor_functions.php on line 463

None of the code for the reference file was changed except for the quotes, which wouldn't affect that part of it. Assuming you changed your configure file, I'm guessing it worked before but only marginally due to the server not being busy, or something like that. Try creating it again and if it still fails, try excluding directories to see if it will run.


Hi Jack,

 

I'm having the same timeout problems with v2.3 and excluded already all of the 'big', but important directories (images, admin).

 

Always getting the error message:

Fatal error: Maximum execution time of 55 seconds exceeded in /catalog/includes/functions/sitemonitor_functions.php on line 463

 

Any advice ?

Thanks in advance,

Regards

Andreas


No, the code already monitors those too. When deletions occur, you should verify they are valid and then re-create the reference file, or set the days setting to do so automatically.

 

 

An email is sent with the current conditions when a new reference file is created. As mentioned, this has all been covered before. Please read through the thread for a more detailed explanation.

 

 

Obviously an email is sent with the current conditions when a new reference file is created, but you are missing the point and have misunderstood my observation.

 

If it finds a deleted file(s), then in the email report that it sends, it lists the deleted files but it does not show if there are any size, time, or permission changes.

 

You then suggested to create a new reference file, but that would be a mistake because you wouldn't know about any size, time, or permission changes from the last time you ran a report (the same report that showed the deleted files).

 

Do you see what I mean?

 

Sitemonitor has failed to show size and time/date mis-matches on a hacked site.

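The two behaviours debated above (excluded directories still showing up as deleted files, and size/time/permission checks being skipped once a deletion is found) can be seen in a small stand-alone integrity check. This is an added example and not SiteMonitor's code: only `$start_dir` and `$excludeList` are taken from the configure file quoted earlier in the thread, while the function names, the sample tree and the POSIX-style paths are assumptions.

```php
<?php
// Added example, not SiteMonitor code. $start_dir and $excludeList mirror the
// configure file quoted in the thread; all function names are hypothetical.

// True when $rel is inside an excluded directory. Matching is per path segment,
// so "cache" covers "cache/x.cache" but not "cache_old/x.cache".
function isExcluded(string $rel, array $excludeList): bool {
    foreach ($excludeList as $dir) {
        $dir = trim($dir, '/');
        if ($rel === $dir || strpos($rel, $dir . '/') === 0) return true;
    }
    return false;
}

// Walk $start_dir and record size, mtime and permission bits for each file.
function scanTree(string $start_dir, array $excludeList): array {
    $out = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($start_dir, FilesystemIterator::SKIP_DOTS));
    foreach ($it as $f) {
        if (!$f->isFile()) continue;
        $rel = substr($f->getPathname(), strlen($start_dir) + 1);
        if (isExcluded($rel, $excludeList)) continue;
        $out[$rel] = ['size' => $f->getSize(), 'mtime' => $f->getMTime(),
                      'perms' => $f->getPerms() & 0777];
    }
    return $out;
}

// Compare a stored reference with a fresh scan. The exclude list is applied to
// the reference too, so stale entries are not reported as deleted, and the
// attribute checks run for every surviving file even when deletions exist.
function compareScan(array $ref, array $cur, array $excludeList): array {
    $r = ['deleted' => [], 'new' => [], 'size' => [], 'time' => [], 'perms' => []];
    foreach ($ref as $rel => $old) {
        if (isExcluded($rel, $excludeList)) continue;
        if (!isset($cur[$rel])) { $r['deleted'][] = $rel; continue; }
        if ($old['size']  !== $cur[$rel]['size'])  $r['size'][]  = $rel;
        if ($old['mtime'] !== $cur[$rel]['mtime']) $r['time'][]  = $rel;
        if ($old['perms'] !== $cur[$rel]['perms']) $r['perms'][] = $rel;
    }
    $r['new'] = array_values(array_diff(array_keys($cur), array_keys($ref)));
    return $r;
}

// Constructed sample tree in a temporary directory.
$start_dir = sys_get_temp_dir() . '/sm_demo_' . getmypid();
foreach (['cache', 'includes'] as $d) mkdir("$start_dir/$d", 0755, true);
file_put_contents("$start_dir/cache/categories_box.cache", 'x');
file_put_contents("$start_dir/includes/a.php", '<?php // a');
file_put_contents("$start_dir/includes/b.php", '<?php // b');
$excludeList = ['cache'];

$ref = scanTree($start_dir, []);                 // stale reference listing cache/
unlink("$start_dir/cache/categories_box.cache"); // excluded, must stay silent
unlink("$start_dir/includes/a.php");             // monitored deletion
file_put_contents("$start_dir/includes/b.php", '<?php // b, edited');
touch("$start_dir/includes/b.php", time() + 60); // force a visible mtime change
clearstatcache();
print_r(compareScan($ref, scanTree($start_dir, $excludeList), $excludeList));
```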

Always getting the error message with v2.3:

Fatal error: Maximum execution time of 55 seconds exceeded in /catalog/includes/functions/sitemonitor_functions.php on line 463

 

Hi Jack,

any advice, what I can do?

All big directories are excluded (which should not), and it is givin' me the a.m. message.

 

A.m. Line 463 is the $parts-line within the following code:

function GetPart($part, $path)
{
 $parts = explode(",", $path);   
 return trim($parts[$part]);
}

 

Thanks in advance.

Regards

Andreas


Additional info: I have already set the maximum execution time of php scripts to 55 seconds (more is not possible due to my provider).

Memory size was 20 MB, I upped it to 30 MB with no success for the sitemonitor.

The error message appears, when running Sitemonitor in my admin backend.

 

My cronjob is not running successfully as well. The execution command is here:

/home/httpd/cgi-bin/php4 /usr/www/users/shop/admin/sitemonitor.php

 

But the shop is running under php5, so should I change the line to php5 ?

 

I found a piece of code in another contribution, which might help to prevent the timeout:

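// Send fake header to avoid timeout, got this trick from phpMyAdmin
// ($time0 has to be set with time() before the enclosing loop starts)
    $time1 = time();
    if ($time1 >= $time0 + 30) {
        $time0 = $time1;
        header('X-bpPing: Pong');
    }
} // closes the enclosing loop, which is not part of this excerpt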

Don't know, if this could help.


Additional info: I have already set the maximum execution time of php scripts to 55 seconds (more is not possible due to my provider).

Memory size was 20 MB, I upped it to 30 MB with no success for the sitemonitor.

The error message appears, when running Sitemonitor in my admin backend.

You need to cut down what's being monitored to see if there is a problem with a specific area. If you are monitoring some directory that has a 1,000 MB files, it will probably timeout no matter what you do. So exclude all directories and see what happens. Then exclude all directories except includes, and so on.

