Jack_mcs

SiteMonitor

Hello Jack,

I installed your contribution and when I run Sitemonitor on the left applications menu, it returns an error:

"Warning: opendir(http) [function.opendir]: failed to open dir: No such file or directory in /web/htdocs/domain_name/home/catalog/admin/includes/functions/sitemonitor_functions.php on line 420"

I followed your suggestion, modifying sitemonitor_functions.php in the functions folder to see what the value of $dir is, and it always returns "http" even if I change the value of Start Directory to many kinds of values. For example I tried: keeping blank, http, http://domain_name, http://domain_name/, http://domain_name/catalog, http://domain_name/catalog/, etc

The domain_name value is my domain name of course...

You should upload a clean sitemonitor_configure.php file and let the code fill in the start directory for you. If it is filling it in with something like http:..., then your configure file is setup incorrectly, in which case see here.


I wasn't offering a free installation. I'll leave that up to you. If the problem you are having still exists, which I don't think it will, then I will take a look at it if you like.

I know you weren't, but I've noticed that you've uploaded a new version just minutes after I've sent you the FTP details. I was just offering my server for you to find out what the problem is. I can certainly install the latest version myself and let you know if the problem is still there.


Absinthe Original Liquor Store


Hi

 

I have updated SiteMonitor to v2.4. Thank you, Jack, for your powerful contributions in this community.

 

Following is a list of the siteMonitor Report:

 

A - Can anyone tell if there is something blatantly wrong with high hack probability in this list?

 

B - Of course you will have a false positive in admin/sitemonitor_configure.php (the hacker code is written there), so one note for future versions would be to exclude sitemonitor_configure.php in the install file:

<?php
/************** THE OPTIONS AND SETTINGS ****************/
$always_email = 1; //set to 1 to always email the results
$verbose = 1; //set to 1 to see the results displayed on the page (for when running manually)
$logfile = 1; //set to 1 to see to track results in a log file
$logfile_size = 100000; //set the maximum size of the logfile
$reference_reset = 0; //delete the reference file this many days apart

$quarantine = 0; //set to 1 to move new files found to the quarantine directory

(...)

$excludeList = array('quarantine_path', 'quarantine_path', 'quarantine_path', 'cgi-bin','admin'); //don't check these directories - change to your liking - must be set prior to first run
$hackIgnoreList = array('jpg', 'jpeg','gif','png','txt','zip'); //don't check these types of files - change to your liking
$hackCodeSegments = array('error_reporting(0)', 'base64_decode','<frame','gzdecode','eval','ob_start("security_update")'); //enter any hacker code that you would like to check for
?>

 

C - includes/ajax.js.php - lines 19 and 21 have eval. Is this eval OK, or is it suspect in the JavaScript?

 

0001  <?php 
0002  /* 
0003   $Id: ajax.js.php, v1.0 2008/04/04 19:50:14 insaini Exp $ 
0004   
0005   osCommerce, Open Source E-Commerce Solutions 
0006   http://www.oscommerce.com 
0007   
0008   Copyright (c) 2003 osCommerce 
0009   
0010   Released under the GNU General Public License 
0011  */ 
0012  ?> 
0013  <script language="javascript" type="text/javascript"><!-- 
0014  function getObject(name) { 
0015   var ns4 = (document.layers) ? true : false; 
0016   var w3c = (document.getElementById) ? true : false; 
0017   var ie4 = (document.all) ? true : false; 
0018   
0019   if (ns4) return eval('document.' + name); 
0020   if (w3c) return document.getElementById(name); 
0021   if (ie4) return eval('document.all.' + name); 
0022   return false; 
0023  } 
0024  
(...) 

 

D - includes/functions/compatibility.php - line 84 has eval

 

0074   if (!function_exists('array_reverse')) { 
0075   function array_reverse($array) { 
0076   for ($i=0, $n=sizeof($array); $i<$n; $i++) $array_reversed[$i] = $array[($n-$i-1)]; 
0077   
0078   return $array_reversed; 
0079   } 
0080   } 
0081   
0082   if (!function_exists('constant')) { 
0083   function constant($constant) { 
0084   eval("\$temp=$constant;"); 
0085   
0086   return $temp; 
0087   } 
0088   } 

 

E - includes/functions/general.php - In line 483 eval

0479   if ($suburb != '') $streets = $street . $cr . $suburb; 
0480   if ($state != '') $statecomma = $state . ', '; 
0481   
0482   $fmt = $address_format['format']; 
0483   eval("\$address = \"$fmt\";"); 
0484   
0485   if ( (ACCOUNT_COMPANY == 'true') && (tep_not_null($company)) ) { 
0486   $address = $company . $cr . $address; 
0487   } 
0488   
0489   return $address; 
0490   } 

 

F - includes/modules/payment/paypal_standard.php - line 345 base64

 

0342  // remove headers from the signature 
0343   $signed = file_get_contents(MODULE_PAYMENT_PAYPAL_STANDARD_EWP_WORKING_DIRECTORY . '/' . $random_string . 'signed.txt'); 
0344   $signed = explode("\n\n", $signed); 
0345   $signed = base64_decode($signed[1]); 
0346   
0347   $fp = fopen(MODULE_PAYMENT_PAYPAL_STANDARD_EWP_WORKING_DIRECTORY . '/' . $random_string . 'signed.txt', 'w'); 
0348   fwrite($fp, $signed); 
0349   fclose($fp); 

 

G - /ultimate_seo_urls5/classes/Usu_Cache_Database.php - line 68 base64 detected

 

0065   usu::$cachefile_size = number_format( strlen( $row['cache_data'] ) / 1024, 2 ) . ' kb'; 
0066   usu::$performance['time'] = microtime( true ); 
0067   $this->md5check = md5( $row['cache_data'] ); 
0068   $rawdata = gzinflate( base64_decode( $row['cache_data'] ) ); 
0069   usu::$registry = unserialize( $rawdata ); 

 

H - /ultimate_seo_urls5/classes/Usu_Cache_Memcached.php - line 51 base64 detected

0049   if ( SEO_URLS_ENABLED != 'false' ) { 
0050   usu::$performance['time'] = microtime( true ); 
0051   if ( false === ( $rawdata = gzinflate( base64_decode( $this->get($this->cachename ) ) ) ) ) { 
0052   return usu::$registry = Usu_Registry::getInstance(); 
0053   } 

 

Thanks in advance

Francys


You should upload a clean sitemonitor_configure.php file and let the code fill in the start directory for you. If it is filling it in with something like http:..., then your configure file is setup incorrectly, in which case see here.

Hello Jack,

really many thanks for your answer.

I checked again the configure.php file in admin directory. The only variable that couldn't be set properly was DIR_FS_DOCUMENT_ROOT because the $DOCUMENT_ROOT isn't got from the system.

I forced DIR_FS_DOCUMENT_ROOT to /web/htdocs/my_domain_name/home value in configure.php. But SiteMonitor Setup returns always http value in "Start Directory" and "Admin Directory" fields.

I modified the sitemonitor_configure_setup.php to print the $filenameConfigure variable because I think $dir gets the value from it and it returns correctly (I think) the value "/web/htdocs/my_domain_name/home/catalog/admin/sitemonitor_configure.php"... Of course I tried to set the DIR_FS_DOCUMENT to "http://www.my_domain_name" value in configure.php too.

I'm really frustrated because I would run your contrib on my website, but I'm not able to do it... There is something wrong that I don't understand.

Could you give me another idea to solve my problem, please?

Really many thanks again

Michele


I checked again the configure.php file in admin directory. The only variable that couldn't be set properly was DIR_FS_DOCUMENT_ROOT because the $DOCUMENT_ROOT isn't got from the system.

The contribution is set up to run on a standard shop. If yours is not set up that way, I won't be able to help. For what it is worth though, if your shop is using your configure file and it is working, then this contribution should work. Maybe you have a configure file in the local directory or something like that that is causing it to work in a different way.


Hi

 

OK, I guess the files I posted aren't hacked (hence the lack of reply). I have been doing a bit of research and that is normal code, so I just mark them as excluded.

I am a newbie in this, so consider it and give me some slack because I am learning stuff and sometimes I may post some irrelevant stuff; bear with it, and thanks.

Have another issue, if it is relevant I appreciate a reply... the Site Monitor Report (I have a fresh install) is returning truncated filenames:

 

Found a new file named hipping.php

Found a new file named ookie_usage.php

Found a new file named ogoff.php

Found a new file named hopping_cart.php

Found a new file named ncludes/general.js

Found a new file named ncludes/spiders.txt

Found a new file named ncludes/header.php

Found a new file named ncludes/footer.php

Found a new file named ncludes/column_left.php

 

 

What can be done to sort this... if you know ... I really appreciate answers.

 

Thanks in advance

Francys

Edited by Francys


Have another issue, if it is relevant I appreciate a reply... the Site Monitor Report (I have a fresh install) is returning truncated filenames:

 

Found a new file named hipping.php

 

What can be done to sort this... if you know ... I really appreciate answers.

That is due to the code removing the slash that it expects to be there but isn't, so it is overshooting by one. That is a coding error in the contribution. To get around it, try adding a / to the start dir or removing it from the server path in the configure file (it shouldn't be there anyway).
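The off-by-one described in the reply above, as an added example that is not part of the original post and is not SiteMonitor's own code. The function names and sample paths are constructed, and the fixed "+1" in the first function is an assumption about how such a bug typically arises.

```php
<?php
// Added illustration; function names are hypothetical, not SiteMonitor's code.

// Buggy pattern (assumed): always skips one extra character for the
// separator, which is only right when $startDir has no trailing slash.
function naiveRelative(string $startDir, string $path): string
{
    return substr($path, strlen($startDir) + 1);
}

// Normalises the start directory to exactly one trailing slash, then checks
// that $path lies under it on a directory boundary before cutting the prefix.
function safeRelative(string $startDir, string $path): ?string
{
    $base = rtrim($startDir, '/') . '/';
    if (strncmp($path, $base, strlen($base)) !== 0) {
        return null; // not under the start directory: report that, do not guess
    }
    return substr($path, strlen($base));
}

// Constructed sample paths.
$files = [
    '/web/htdocs/domain_name/home/catalog/shipping.php',
    '/web/htdocs/domain_name/home/catalog/includes/header.php',
    '/web/htdocs/domain_name/home/catalog_old/index.php', // sibling directory
];

$startDirs = [
    '/web/htdocs/domain_name/home/catalog',   // no trailing slash
    '/web/htdocs/domain_name/home/catalog/',  // trailing slash
];

foreach ($startDirs as $start) {
    echo "start dir: $start\n";
    foreach ($files as $file) {
        $safe = safeRelative($start, $file) ?? '(outside start dir)';
        printf("  naive: %-20s safe: %s\n", naiveRelative($start, $file), $safe);
    }
}
```

With the trailing slash present, the naive version reports hipping.php and ncludes/header.php, as in the reports quoted in this thread; it also turns the sibling catalog_old path into a plausible-looking name, which is worse for a monitoring report than a rejected path.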


That is due to the code removing the slash that it expects to be there but isn't, so it is overshooting by one. That is a coding error in the contribution. To get around it, try adding a / to the start dir or removing it from the server path in the configure file (it shouldn't be there anyway).

 

I tried and I added the /:

 

In catalog/configure.php the final result is looking like:

 

(...)
 define('HTTP_SERVER', 'http://www.mysite.com/');
 define('HTTPS_SERVER', 'http://www.mysite.com/');
 define('ENABLE_SSL', false);
 define('HTTP_COOKIE_DOMAIN', 'www.mysite.com');
 define('HTTPS_COOKIE_DOMAIN', 'www.mysite.com');
 define('HTTP_COOKIE_PATH', '/catalog/');
 define('HTTPS_COOKIE_PATH', '/catalog/');
 define('DIR_WS_HTTP_CATALOG', '/catalog/');
 define('DIR_WS_HTTPS_CATALOG', '/catalog/');
(...)

 

I added the final / on lines 1 and 2 (HTTP_SERVER and HTTPS_SERVER) and I am still getting the same behaviour in SiteMonitor Reports.

 

Thanks in advance

Francys


I tried and I added the /:

 

In catalog/configure.php the final result is looking like:

 

(...)
 define('HTTP_SERVER', 'http://www.mysite.com/');
 define('HTTPS_SERVER', 'http://www.mysite.com/');
 define('ENABLE_SSL', false);
 define('HTTP_COOKIE_DOMAIN', 'www.mysite.com');
 define('HTTPS_COOKIE_DOMAIN', 'www.mysite.com');
 define('HTTP_COOKIE_PATH', '/catalog/');
 define('HTTPS_COOKIE_PATH', '/catalog/');
 define('DIR_WS_HTTP_CATALOG', '/catalog/');
 define('DIR_WS_HTTPS_CATALOG', '/catalog/');
(...)

 

I added the final / on lines 1 and 2 (HTTP_SERVER and HTTPS_SERVER) and I am still getting the same behaviour in SiteMonitor Reports.

 

Thanks in advance

Francys

No, the first two entries should not have a trailing slash. See this thread for how to set it up. It may not be your problem but the obvious should always be fixed first.


Jack,

 

I've just loaded and tested your latest version 2.4 - no update, I've simply deleted all old files related to the SiteMonitor via ftp.

 

Good news is that the hacker works fine.

 

Configuration Control page, the "From:" box also shows the word From: with the email address (From: info@thestore.com) If I remove From: from the box, the email message doesn't have from field correctly, uses server's.

 

On each page load, The Exclude List box keeps offering folder "myadmin/quarantine" BUT it is NOT enclosed in quotation marks, the remaining folders such as 'cgi-bin' are OK.

 

It looks like excluded directories are finally excluded as it was (on my servers) working with version 1.9. I have noticed, however the following: after creating the reference file, I've added another folder in the exclude list. The folder is called 'contest' however in the email it is called ontest, see here: Found a deleted file named ontest/AbsinthePlanet.jpg

It looks like it is stripping the first letter, nothing to do with the folder name because when I deleted a file from backups folder, the message reads: Found a deleted file named yadmin/backups/db_backup.sql (where the admin is called myadmin). This appears only when adding a new folder to the exclude list, after a reference file was created.

 

Please feel free to login to see what I mean, you've got the details already.


Absinthe Original Liquor Store


No, the first two entries should not have a trailing slash. See this thread for how to set it up. It may not be your problem but the obvious should always be fixed first.

 

Ok, I will have a look into it and feed back later.

 

Great contributor and helpful, many thanks, really.

Francys


Ok, I have read the configure settings thread, and I think my configure.php files are ok.

 

One odd thing I discovered: I have catalog/configure.php, catalog/includes/configure.php and catalog/admin_dir/includes/configure.php

 

Questions:

 

A - I should remove catalog/configure.php right? (perhaps uploaded by mistake) but the rest are ok exactly like is told to in that thread.

 

B - and still I have the same issue with the SiteMonitor path... Can you be more specific about the code and file to change so SiteMonitor can show the output paths properly?

 

Thanks for everything,

Francys


Ok, I have read the configure settings thread, and I think my configure.php files are ok.

 

One odd thing I discovered: I have catalog/configure.php, catalog/includes/configure.php and catalog/admin_dir/includes/configure.php

 

 

A - I should remove catalog/configure.php right? (perhaps uploaded by mistake) but the rest are ok exactly like is told to in that thread.

 

Yes, delete the catalog/configure.php, you should only have two configure files with proper permissions - the permissions for the two configure.php files will vary according to the server your site is on - it could be 644, 444 or 400 which is correct.


Absinthe Original Liquor Store


On each page load, The Exclude List box keeps offering folder "myadmin/quarantine" BUT it is NOT enclosed in quotation marks, the remaining folders such as 'cgi-bin' are OK.

This is fixed now.

 

It looks like excluded directories are finally excluded as it was (on my servers) working with version 1.9. I have noticed, however the following: after creating the reference file, I've added another folder in the exclude list. The folder is called 'contest' however in the email it is called ontest, see here: Found a deleted file named ontest/AbsinthePlanet.jpg

It looks like it is stripping the first letter, nothing to do with the folder name because when I deleted a file from backups folder, the message reads: Found a deleted file named yadmin/backups/db_backup.sql (where the admin is called myadmin). This appears only when adding a new folder to the exclude list, after a reference file was created.

This is also fixed now.

 

Once again, thank you for your great contributions and for taking time to help all of us! :thumbsup:


Absinthe Original Liquor Store


I can't seem to get it working. I installed everything and it appears to work, but when I try to set up the config I get an error. I have to have a folder excluded (I know that) but when I try something, like "test", it says it's not in quotes, even though it is. If I try 'test' I get the same error bar at the top, but it just says 'test' and has no error after it.

 

It may be an install problem because my Exclude Selector has nothing in it.

 

Anybody know what's going on? I've installed it and checked, and it is installed correctly from what I can tell. Could this be because the admin folder's name has been changed?


A new version has been uploaded that should fix the problem with the missing characters and invalid paths some shops were having. My thanks to mr_absinthe for allowing me to test on his server to isolate the problem.


A new version has been uploaded that should fix the problem with the missing characters and invalid paths some shops were having. My thanks to mr_absinthe for allowing me to test on his server to isolate the problem.

 

Hello Jack,

 

first of all, thank you very much for your great work.

 

I just installed the latest version and made some changes you might like to approve.

 

In sitemonitor_functions around line 194, I changed:

$hackedFiles[$ctr]['line'] = $line; 
$hackedFiles[$ctr]['file'] = $file;   
$hackedFiles[$ctr]['hackercode'] = $hackerCodeArray[$i];        

 

To this:

$hackedFiles[$ctr]['line'] = (int)($line+1); 
$hackedFiles[$ctr]['file'] = $file;   
$hackedFiles[$ctr]['hackercode'] = $hackerCodeArray[$i];
for ($j=$i+1; $j<$countInvalidCode; $j++)
{
 for ($line = 1; $line < count($contents); $line++)
 {
   if (strpos($contents[$line], $hackerCodeArray[$j]) !== FALSE)
   {
     $hackedFiles[$ctr]['line'] .= (string)(', ' . (int)($line+1)); 
     $hackedFiles[$ctr]['hackercode'] .= ', ' . $hackerCodeArray[$j];
   }
 }
}

 

The line numbers should match and all possibles hackstrings and lines get listed now instead of only the first.

 

Cheers

Evolved

Edited by Evolved


first of all, thank you very much for your great work.

 

I just installed the latest version and made some changes you might like to approve.

Thanks for posting it. It isn't something I will add to the contribution but others may find it useful.


Thanks for posting it. It isn't something I will add to the contribution but others may find it useful.

 

After posting I also noticed that the loop for checking the file lines should start with 0 like this:

for ($line = 0; $line < count($contents); ++$line)

 

Evolved
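An added example, not part of any post in this thread and not SiteMonitor's code: a minimal signature scan that lists every matching signature with a 1-based line number (the behaviour Evolved's change is after) and skips a reviewed path such as the scanner's own configuration file (the false positive raised earlier in the thread). Function names are hypothetical; the signature list is the one quoted in the thread, and the file contents are constructed from fragments quoted there.

```php
<?php
// Added illustration; function names are hypothetical, not SiteMonitor's code.

// Return every hit as ['line' => n, 'signature' => s]. Line numbers are
// 1-based so they match an editor, and index 0 (the first line) is scanned.
function findSignatureHits(array $lines, array $signatures): array
{
    $hits = [];
    foreach ($lines as $index => $text) {
        foreach ($signatures as $signature) {
            if (strpos($text, $signature) !== false) {
                $hits[] = ['line' => $index + 1, 'signature' => $signature];
            }
        }
    }
    return $hits;
}

// Scan path => contents pairs, skipping paths the operator has reviewed,
// such as the file that holds the signature list itself.
function scanFiles(array $files, array $signatures, array $skipPaths): array
{
    $report = [];
    foreach ($files as $path => $contents) {
        if (in_array($path, $skipPaths, true)) {
            continue;
        }
        $hits = findSignatureHits(explode("\n", $contents), $signatures);
        if ($hits !== []) {
            $report[$path] = $hits;
        }
    }
    return $report;
}

// Signature list as quoted in the thread.
$signatures = ['error_reporting(0)', 'base64_decode', '<frame', 'gzdecode',
               'eval', 'ob_start("security_update")'];

// Constructed sample contents built from fragments quoted in the thread.
$configSample = <<<'TXT'
$quarantine = 0;
$hackCodeSegments = array('error_reporting(0)', 'base64_decode', 'eval');
TXT;
$generalSample = <<<'TXT'
$fmt = $address_format['format'];
eval("\$address = \"$fmt\";");
TXT;
$files = [
    'admin/sitemonitor_configure.php' => $configSample,
    'includes/functions/general.php'  => $generalSample,
    'includes/languages/english.php'  => "define('TEXT_HELLO', 'Hello');",
];

// With the configuration file skipped, only the eval in general.php is listed.
foreach (scanFiles($files, $signatures, ['admin/sitemonitor_configure.php']) as $path => $hits) {
    foreach ($hits as $hit) {
        echo "$path line {$hit['line']}: {$hit['signature']}\n";
    }
}

// Without the skip entry, the signature list flags itself once per signature.
$unfiltered = scanFiles($files, $signatures, []);
echo count($unfiltered['admin/sitemonitor_configure.php']) . " hits in the config when it is not skipped\n";
```

Because the match is a plain substring test, a hit only means the text is present, so each one still needs the kind of manual review done earlier in the thread for the osCommerce core files.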


I installed Site Monitor but cannot run the Admin because of the "Error Your username is invalid. Please change it and try again"

I try to leave it empty or enter any of the admin accounts, but keep getting the same error. Additionally, the Admin Directory can't be changed.

If the http is erased, then it seems to get the right directory, but if I choose update, it is never saved.


I installed Site Monitor but cannot run the Admin because of the "Error Your username is invalid. Please change it and try again"

I try to leave it empty or enter any of the admin accounts, but keep getting the same error. Additionally, the Admin Directory can't be changed.

If the http is erased, then it seems to get the right directory, but if I choose update, it is never saved.

You can't just leave the username empty or guess at it. See the previous posts regarding how to find the correct username. You can also edit the sitemonitor_configure.php file directly if your server won't allow updating it. Although, if that is the case, it probably won't run anyway since it needs to be able to change files.


You can't just leave the username empty or guess at it. See the previous posts regarding how to find the correct username. You can also edit the sitemonitor_configure.php file directly if your server won't allow updating it. Although, if that is the case, it probably won't run anyway since it needs to be able to change files.

 

I have the same problem, username incorrect and not saving. I just keep updating hoping eventually it will work itself out. I have tried the sitemonitor_configure.php route and it makes no difference


I have the same problem, username incorrect and not saving. I just keep updating hoping eventually it will work itself out. I have tried the sitemonitor_configure.php route and it makes no difference

Some people have reported that they needed to change the permissions of the SiteMonitor files. I've never seen this but I suppose it is possible. If so, check what the permissions are set to for your images directory and then change the SiteMonitor files to the same.


You can't just leave the username empty or guess at it. See the previous posts regarding how to find the correct username. You can also edit the sitemonitor_configure.php file directly if your server won't allow updating it. Although, if that is the case, it probably won't run anyway since it needs to be able to change files.

 

I think it was the Admin Directory: that was giving me problems rather than the admin account name and password. After updating the configuration it always shows as just http, so it was helpful to edit the sitemonitor_configure.php directly.

It's working now and backed up for safe keeping ;)

 

Thanks for your time.

 

-Jim


I've had the same issues as everyone else has reported with v2.5.

Previous versions worked fine, but this one keeps looping around saying I have incorrect admin login details, and if I empty those fields out as it suggests if not using curl, then it comes up with errors saying my ignore list shouldn't end and start with quotes.

But I've left my existing configure file in place as I always have in the past.

I've had to downgrade back to v2.4 to keep this working :(
