Jack_mcs

SiteMonitor


If someone is able to hack into your site, they can alter your files to send them your customers' information. I've seen this happen several times, thus the genesis of this contribution. This contribution will create a record of your files so that they can be checked at a later date. If any files have been added or deleted, or the size, timestamp or permissions were changed, you are notified via email. The script can be run manually, but the best way is to set up a cron job so that the files are checked automatically.

 

The contribution can be found here.

 

Jack
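
As an added illustration of the check described in this post (not SiteMonitor's own code), the PHP below records each file's size, timestamp and permissions, stores that record as a reference file, and later reports added, deleted and changed files. The function names, the demo tree and the JSON reference format are assumptions; e-mail notification is left out and the result is printed instead.

```php
<?php
// Added illustration, not SiteMonitor's code; function names are hypothetical.
// Record size, mtime and permission bits for every regular file under $root.
function snapshot_tree(string $root): array
{
    clearstatcache();                    // avoid stale stat() results
    $root = rtrim($root, '/\\');
    $snap = [];
    $dir = new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS);
    foreach (new RecursiveIteratorIterator($dir) as $f) {
        if ($f->isFile()) {
            $snap[substr($f->getPathname(), strlen($root) + 1)] = [
                'size'  => $f->getSize(),
                'mtime' => $f->getMTime(),
                'perms' => $f->getPerms() & 0777,
            ];
        }
    }
    return $snap;
}

// List files added, deleted or changed relative to the stored baseline.
function compare_snapshots(array $baseline, array $current): array
{
    $changed = [];
    foreach (array_intersect_key($current, $baseline) as $path => $now) {
        $diff = array_keys(array_diff_assoc($now, $baseline[$path]));
        if ($diff) {
            $changed[$path] = $diff;     // e.g. ['size', 'mtime']
        }
    }
    return [
        'added'   => array_keys(array_diff_key($current, $baseline)),
        'deleted' => array_keys(array_diff_key($baseline, $current)),
        'changed' => $changed,
    ];
}

// Constructed demo tree; the reference file sits at an absolute path outside it.
$root = sys_get_temp_dir() . '/sm_demo_' . getmypid();
mkdir("$root/includes", 0755, true);
file_put_contents("$root/index.php", "<?php echo 'shop';");
file_put_contents("$root/includes/old.php", "<?php // unused");
file_put_contents("$root.ref.json", json_encode(snapshot_tree($root)));
file_put_contents("$root/index.php", "<?php echo 'shop'; // altered");
file_put_contents("$root/new.php", "<?php // added");
unlink("$root/includes/old.php");
$baseline = json_decode(file_get_contents("$root.ref.json"), true);
print_r(compare_snapshots($baseline, snapshot_tree($root)));
```

A comparison of size, timestamp and permissions only sees metadata, so a change that preserves all three passes unnoticed unless a content hash is recorded as well.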

So when I see the following, "Your username is invalid. Please change it and try again.", is it referring to the start directory "username" or the username for an administrator? There are so many posts, but no good answers that can be found without reading every single one with the new forum layout.


So when I see the following, "Your username is invalid. Please change it and try again.", is it referring to the start directory "username" or the username for an administrator? There are so many posts, but no good answers that can be found without reading every single one with the new forum layout.

It's referring to the username of your hosting account. Go to admin->Modules and you will see the path to your shop there. That contains the username you need. If you can't figure out what the username is from it, you should contact your host and ask them.


It's referring to the username of your hosting account. Go to admin->Modules and you will see the path to your shop there. That contains the username you need. If you can't figure out what the username is from it, you should contact your host and ask them.

thanks, that worked.


Jack,

 

Like to say shortly thx for your work - great!

 

I always look for your contribs - works - fine - the best I can get .....

 

rgds

alfred


Jack

 

short update

 

if the user gets a timeout

 

e.g.

 

Fatal error: Maximum execution time of 30 seconds exceeded in....

 

 

a good solution is

 

to add in file sitemonitor_admin.php

 

after

 

require('includes/application_top.php');

 

 

this:

 

set_time_limit (0);

 

That change will not work if the server is working in 'safe mode'

 

rgds

 

alfred


I just installed SiteMonitor and clicked on Configure in admin. When I try to update, I get a message at the top of the page that reads "FAILED: Exclude list does not begin with quotes." I'm not sure what to enter into that field. The drop-down above it shows nothing either.


If the "Admin" folder was renamed, does it need to be changed here as well?

// sitemonitor text in includes/boxes/sitemonitor.php
define('BOX_HEADING_SITEMONITOR', 'SiteMonitor');
define('BOX_SITEMONITOR_ADMIN', 'Admin');


I just installed SiteMonitor and clicked on Configure in admin. When I try to update, I get a message at the top of the page that reads "FAILED: Exclude list does not begin with quotes." I'm not sure what to enter into that field. The drop-down above it shows nothing either.

 

I got the same error. I changed it to ' and it was fine.


I got the same error. I changed it to ' and it was fine.

I tried adding an apostrophe but got that same pink strip across the top but with no error message.


I tried adding an apostrophe but got that same pink strip across the top but with no error message.

The default configure file won't cause that failure so you either made some incorrect change to the configure file or you are using an old version.


Hi Jack,

Great addon!

I'm having trouble getting it to check for hacked files. When I click the update button, it gives me an Error 500 - Internal Server Error. All of the other update functions of SiteMonitor work, and I checked my Configure page and everything looks correct. Do you know what could cause it? Is it possible that some .htaccess code could be causing issues? Thanks for your help!


Hi Jack,

Great addon!

I'm having trouble getting it to check for hacked files. When I click the update button, it gives me an Error 500 - Internal Server Error. All of the other update functions of SiteMonitor work, and I checked my Configure page and everything looks correct. Do you know what could cause it? Is it possible that some .htaccess code could be causing issues? Thanks for your help!

That error, in relation to SiteMonitor, is usually due to the script timing out. The hacker checking code is checking more files than the monitoring section so, if you have a lot of files, that might be the files. Although, no one has had such a problem that I am aware of so I wouldn't think that would be the problem. If it fails right away, it is probably something to do with your admin/includes/configure.php file. Look in the admin/error_log file, if there is one, to see if an error is reported. If not, provide your host with instructions on how to see the problem and see if they will take a look. Some will - some won't.


Been having some issues with site and am not sure where the fix is yet. But that's another issue. So I manually checked for any hacked files. Found 43, but when looking at them I did not see anything out of the ordinary. This one, the date match column is not checked:

 

19 admin_new_name/sitemonitor_configure.php error_reporting(0)

 

This is what is on line 19:

 

 0019  $hackIgnoreList = array('jpg', 'jpeg','gif','png','txt','zip'); //don't check these types of files - change to your liking 

 

Also found a php file in images directory, but after checking, I have no such file there.


Been having some issues with site and am not sure where the fix is yet. But that's another issue. So I manually checked for any hacked files. Found 43, but when looking at them I did not see anything out of the ordinary. This one, the date match column is not checked:

 

This is what is on line 19:

 

 0019  $hackIgnoreList = array('jpg', 'jpeg','gif','png','txt','zip'); //don't check these types of files - change to your liking 

 

Also found a php file in images directory, but after checking, I have no such file there.

The line numbers for the hackers file are one off due to the <?php line. If you go to the next line, it is probably the list of hacker codes the script is checking for.

 

The code reads in the files directly from the server. It can't find one if it isn't there. Are you sure you are looking in the correct images directory?


The line numbers for the hackers file are one off due to the <?php line. If you go to the next line, it is probably the list of hacker codes the script is checking for.

 

 

So this is what is on line 19 of /xxxxx/sitemonitor_configure.php:

 

$hackCodeSegments = array('error_reporting(0)', 'base64_decode','<frame','gzdecode','eval','ob_start("security_update")'); //enter any hacker code that you would like to check for

 

So is this normal?

 

Thanks.

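
Why the configure file appears in its own report, as an added example (not SiteMonitor's code): a plain substring scan, which is an assumption about how the matching works, flags any file that contains one of the listed strings, including the file that defines the list. `scan_for_segments()` and the sample files are constructed for illustration; the two arrays are copied from the lines quoted in this thread.

```php
<?php
// Added illustration; not SiteMonitor's code. scan_for_segments() is hypothetical.
$hackIgnoreList   = array('jpg', 'jpeg', 'gif', 'png', 'txt', 'zip');
$hackCodeSegments = array('error_reporting(0)', 'base64_decode', '<frame',
                          'gzdecode', 'eval', 'ob_start("security_update")');

// Return [line number, segment] for the first listed segment found on each line.
// Files whose extension is on the ignore list are skipped entirely.
function scan_for_segments(string $name, string $source, array $segments, array $ignore): array
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (in_array($ext, $ignore, true)) {
        return [];
    }
    $hits = [];
    foreach (explode("\n", $source) as $i => $line) {
        foreach ($segments as $seg) {
            if (strpos($line, $seg) !== false) {   // assumed: plain substring match
                $hits[] = [$i + 1, $seg];
                break;
            }
        }
    }
    return $hits;
}

// Constructed sample files (name => contents).
$files = [
    // The signature list itself contains every string being searched for.
    'admin/sitemonitor_configure.php' =>
        "<?php\n\$hackCodeSegments = array('error_reporting(0)', 'eval');\n",
    // A harmless comment still contains the substring "eval".
    'includes/functions/general.php' =>
        "<?php\n// evaluate the discount\n\$total = \$price * 0.9;\n",
    // Skipped: 'txt' is on the ignore list.
    'notes.txt' => "eval is mentioned here\n",
];

foreach ($files as $name => $src) {
    foreach (scan_for_segments($name, $src, $hackCodeSegments, $hackIgnoreList) as [$ln, $seg]) {
        echo "$ln $name $seg\n";   // same column order as the report lines in this thread
    }
}
```

A hit from this kind of scan means only that the string occurs in the file, so each reported line still has to be read and compared with a known-good copy of the file.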

I installed this application but it gives me this error:

 

Access Denied

No Right Permission Access

Please contact your Web Administrator to request

more access or if you found any problem.

 

The dirs are set to 755 and files 644.

I can't set 777 because my hosting doesn't permit it. If I set 777, a 500 internal server error appears.

 

What could I do?

 

Thank you

Best regards


I installed this application but it gives me this error:

 

Access Denied

No Right Permission Access

Please contact your Web Administrator to request

more access or if you found any problem.

 

The dirs are set to 755 and files 644.

I can't set 777 because my hosting doesn't permit it. If I set 777, a 500 internal server error appears.

 

What could I do?

You shouldn't have to change the permissions but it sometimes happens with some hosts. There have been suggestions on how to get around that posted in this thread but you will probably need to ask your host for help. Some will - some won't.


It seems that running Sitemonitor from admin and running it from a cron job are using different reference files. Has anyone else seen this as I get different results as the cron job compares to an earlier snapshot of the files and I have no idea where it has stored that reference file as it's not the one in admin. Could it be in a cache somewhere?


It seems that running Sitemonitor from admin and running it from a cron job are using different reference files. Has anyone else seen this as I get different results as the cron job compares to an earlier snapshot of the files and I have no idea where it has stored that reference file as it's not the one in admin. Could it be in a cache somewhere?

It should use the same file and the script doesn't use cache. My guess is that the path is not correct in the cron job and the reference file is being written to the home directory (server's home, not web home). You should check there to see if the file exists and, if it does, fix the cron syntax so the path is correct. Your host may need to help with that.


Hi,

 

I have just installed 2.5 with osc and on checking the files with the

'Manual check' button in admin, I see about 12 files and all but two say 'eval'

 

I have looked at the files and cannot see where they have been hacked.

 

I tried the 2nd button from the top check with deletion and I get this error..

 

Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING, expecting ')' in /home/sydneyto/public_html/catalog/admin/sitemonitor_configure.php on line 18

 

I have checked my install again, however I must have missed something.

 

Thanks

 

 

oz


I have just installed 2.5 with osc and on checking the files with the

'Manual check' button in admin, I see about 12 files and all but two say 'eval'

 

I have looked at the files and cannot see where they have been hacked.

Perhaps reading the text beside that button will help?

I tried the 2nd button from the top check with deletion and I get this error..

 

Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING, expecting ')' in /home/sydneyto/public_html/catalog/admin/sitemonitor_configure.php on line 18

The error is most likely caused by a mistake in the configure file. Maybe you overwrote an apostrophe or something like that. Try replacing the configure file and try it again.


Many thanks,

 

I replaced all files and redid the configure questions and this time it works fine.

 

Never doubted your script, it comes with too much credibility for that, however one's proof reading becomes rather suspect as one gets older and a little pointer is always gratefully accepted.

 

After the first run I get this message is that correct?

 

DELETED FILES:

Found a deleted file named

 

SIZE MISMATCH:

Size differences not checked due to deleted file(s)

 

TIME MISMATCH:

Time differences not checked due to deleted file(s)

 

PERMISSIONS MISMATCH:

Permissions not checked due to deleted file(s)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sitemonitor ran on July 26, 2010, 9:34 am

Total mismatches found were 1034

Total files being monitored is 1

 

Also, below are the files which it lists as hacker possibilities. I have checked them and renewed them but they still come up. In that case is it wise to exclude them?

 

Thanks again.

 

 

oz

 

:-)

 

80 download.php eval

124 admin/configuration.php eval

1839 admin/easypopulate.php eval

211 admin/modules.php eval

1004 admin/php.ini error_reporting(0)

19 admin/sitemonitor_configure.php error_reporting(0)

471 admin/includes/classes/phplot.php eval

400 admin/includes/functions/general.php eval

56 admin/includes/javascript/calendarcode.js eval

75 admin/includes/javascript/spiffyCal/spiffyCal_v2_1.js eval

60 admin/includes/modules/newsletters/product_notification.php eval

76 includes/functions/compatibility.php eval

486 includes/functions/general.php eval

146 includes/languages/espanol.php

Edited by ozstar


It should use the same file and the script doesn't use cache. My guess is that the path is not correct in the cron job and the reference file is being written to the home directory (server's home, not web home). You should check there to see if the file exists and, if it does, fix the cron syntax so the path is correct. Your host may need to help with that.

 

Thanks Jack

 

I can't access the server's home but I will see if through the Sitemonitor configuration it will delete the reference file in 1 day. The cron job path finds Sitemonitor OK, but the call to PHP is 5 directories deep. I will try calling Sitemonitor as a URL and see if then it behaves properly.

