Jump to content
Latest News: (loading..)
Jack_mcs

SiteMonitor

Recommended Posts

It should use the same file and the script doesn't use cache. My guess is that the path is not correct in the cron job and the reference file is being written to the home directory (servers home, not web home). You should check there to see if the file exists and, if it does, fix the cron syntax so the path is correct. Your host may need to help with that.

 

Thanks Jack

 

I can't access the servers home but I will see if through the Sitemonitor configuration it will delete the reference file in 1 day. The cron job path finds Sitemonitor OK, but the call to PHP is 5 directories deep. I will try calling Sitemonitor as a URL and see if then it behaves properly.

Share this post


Link to post
Share on other sites

After the first run I get this message is that correct?

 

DELETED FILES:

Found a deleted file named

 

SIZE MISMATCH:

Size differences not checked due to deleted file(s)

 

TIME MISMATCH:

Time differences not checked due to deleted file(s)

 

PERMISSIONS MISMATCH:

Permissions not checked due to deleted file(s)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sitemonitor ran on July 26, 2010, 9:34 am

Total mismatches found were 1034

Total files being monitored is 1

 

No, that doesn't look right. When you click on the top update button, you should get a message on the screen saying it was ran for the first time. If you get that, look at the admin/sitemonitor_reference.php file and see if there is more than one file listed there. If there is and you still get an email like the above, then something is wrong. In that case, please post your sitemonitor_configure.php file here, without the password, and I will take a look at it.

Also, below are the files which it list as hacker possibilities. I have checked them and renewed them but they still come up. In that case is it wise to exclude them?

That lists looks OK. All are common files so they are probably OK. That doesn't mean they haven't been hacked, of course. You would have to compare them to an original to be sure but, odds are, in my opinion, they are OK.

Share this post


Link to post
Share on other sites

I can't access the servers home but I will see if through the Sitemonitor configuration it will delete the reference file in 1 day. The cron job path finds Sitemonitor OK, but the call to PHP is 5 directories deep. I will try calling Sitemonitor as a URL and see if then it behaves properly.

What I meant by the servers home was the directory that your public_html or httpdocs directory is located in. You should have access to that unless your host is preventing it for some reason. If that is the case, you can ask them to look in that directory to see if any files are there with names of sitemonitor.... If there are, then that something is wrong.

Share this post


Link to post
Share on other sites

Thank you.

 

Wo! I looked at the reference file you mentioned and have 1033 lines of files.

 

I did get this is the first time message, but did not look at the reference file.

 

I did go in again and clicked the first button again and goit this message.

 

sitemonitor_reference.php has been deleted!

First time ran. Reference file was created and saved.

 

I got tyhe ail which said this..

 

NEW FILES:

Found a new file named banned/IP_Trapped.txt

Found a new file named banned/Whitelist.txt

Found a new file named images/stop.png

Found a new file named robots.txt

Found a new file named personal/index.php

Found a new file named includes/secret.php

Found a new file named includes/application_topB4-IPtrap.php

Found a new file named includes/phpids/GPL.txt

Found a new file named includes/phpids/Read_Me.htm

Found a new file named includes/phpids/banned.php

Found a new file named includes/phpids/cache/index.php

Found a new file named includes/phpids/admin/banned_ip.php

Found a new file named includes/phpids/admin/phpids_installer.php

Found a new file named includes/phpids/admin/phpids_report.php

Found a new file named includes/phpids/admin/includes/functions/version_checker.php

Found a new file named includes/phpids/admin/includes/languages/english/banned_ip.php

Found a new file named includes/phpids/admin/includes/languages/english/phpids_report.php

Found a new file named includes/phpids/admin/includes/languages/english/version_checker.php

Found a new file named includes/phpids/includes/modules/banned_ip.php

Found a new file named includes/phpids/includes/modules/osc_phpids.php

 

DELETED FILES:

No deleted files found...

 

SIZE MISMATCH:

Difference found: New-> download/.htaccess 100 Original-> 104

Difference found: New-> images/Canon Fax L- 200 Original-> 220

Difference found: New-> includes/application_top.php 21002 Original-> 20935

 

TIME MISMATCH:

Time Mismatch on download/.htaccess Last Changed on Monday, 26 Jul 2010 05:52:04 GMT

Time Mismatch on images/Canon Fax L- 200 Last Changed on Thursday, 01 Jan 1970 00:00:00 GMT

Time Mismatch on includes/application_top.php Last Changed on Monday, 26 Jul 2010 04:59:01 GMT

 

PERMISSIONS MISMATCH:

permissions Mismatch on images/Canon Fax L- 200 Currently set to 0 was set to 250

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sitemonitor ran on July 26, 2010, 7:41 pm

Total mismatches found were 27

Total files being monitored is 1033

looked at the reference file

 

----------------

 

I looked at the reference file again and noticed there are now 1053 lines.

 

You would notice I am installing phpIDS and IP Trap in the hope of not getting hacked or virused again.

 

Should I send the configure file?

 

Thank you for your help.

 

 

oz

Share this post


Link to post
Share on other sites

What I meant by the servers home was the directory that your public_html or httpdocs directory is located in. You should have access to that unless your host is preventing it for some reason. If that is the case, you can ask them to look in that directory to see if any files are there with names of sitemonitor.... If there are, then that something is wrong.

 

Thanks Jack

 

You are right, that's where the log and reference files are. No big deal as I can delete them there when I need to. Not sure why it doesn't want to put them back in the admin directory when it can follow the path to Sitemonitor in the cron job. The admin directory was renamed so maybe that's the problem. I will test it with a new dummy admin directory and see if it puts them there.

Share this post


Link to post
Share on other sites

Thank you.

 

Wo! I looked at the reference file you mentioned and have 1033 lines of files.

 

I did get this is the first time message, but did not look at the reference file.

 

I did go in again and clicked the first button again and goit this message.

 

The way to run it is to click the first update button first, which you've done. Then click the second update thereafter, or until you want to create another reference file. The first creates the file. The second uses the file. Try clicking the second and see what your email says. It should say nothing found, assuming nothing has changed since the first was clicked.

Edited by Jack_mcs

Share this post


Link to post
Share on other sites

You are right, that's where the log and reference files are. No big deal as I can delete them there when I need to. Not sure why it doesn't want to put them back in the admin directory when it can follow the path to Sitemonitor in the cron job. The admin directory was renamed so maybe that's the problem. I will test it with a new dummy admin directory and see if it puts them there.

It is probably due to how the server is setup. You may need to change the cron job to cd into the admin directory before the script is ran bu that is something your host will need to assist you with.

Share this post


Link to post
Share on other sites

Thanks.

 

Yes I tried the 2nd button and this was the result..

 

I checked that file and niticed it did not have any extension such as jpg etc. On further checking it was accidentlt uploaded that way so it was not changed by any unwated visitors.

 

Many thanks for a wonderful script.

 

oz :-)

 

NEW FILES:

No new files found...

 

DELETED FILES:

No deleted files found...

 

SIZE MISMATCH:

Difference found: New-> images/Canon Fax L- 200 Original-> 220

 

TIME MISMATCH:

Time Mismatch on images/Canon Fax L- 200 Last Changed on Thursday, 01 Jan 1970 00:00:00 GMT

 

PERMISSIONS MISMATCH:

permissions Mismatch on images/Canon Fax L- 200 Currently set to "0" was set to "250"

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sitemonitor ran on July 28, 2010, 10:25 am

Total mismatches found were 3

Total files being monitored is 1053

Share this post


Link to post
Share on other sites

Hi,

I am using the newest version of sitemonitor and when hitting "Manually Execute Sitemonitor" following error appears:

 

Found a new file named newsletters.php

Found a new file named popup_image.php

etc.

Size differences not checked due to deleted file(s)

Time differences not checked due to deleted file(s)

Permissions not checked due to deleted file(s)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sitemonitor ran on July 28, 2010, 4:09 am

Total mismatches found were 425

Total files being monitored is 1

Email sent to shop owner.

 

Warning: fopen(sitemonitor_log.txt) [function.fopen]: failed to open stream: Permission denied in /www/htdocs/*****/*****/admin/includes/functions/sitemonitor_functions.php on line 571

 

Warning: unlink(sitemonitor_reference.php) [function.unlink]: Permission denied in /www/htdocs/*****/*****/admin/sitemonitor.php on line 28

Found a new file named newsletters.php

Found a new file named popup_image.php

Found a new file named cache.php

Found a new file named define_language.php

Found a new file named modules.php

etc

Found a deleted file named

Size differences not checked due to deleted file(s)

Time differences not checked due to deleted file(s)

Permissions not checked due to deleted file(s)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sitemonitor ran on July 28, 2010, 4:09 am

Total mismatches found were 425

Total files being monitored is 1

Email sent to shop owner.

 

Warning: fopen(sitemonitor_log.txt) [function.fopen]: failed to open stream: Permission denied in /www/htdocs/*****/*****/admin/includes/functions/sitemonitor_functions.php on line 571

 

There are also two emails send.

When coming back to sitemonitor admin the following error occurs:

 

Warning: fopen(sitemonitor_log.txt) [function.fopen]: failed to open stream: Permission denied in /www/htdocs/*****/*****/admin/includes/functions/sitemonitor_functions.php on line 571

 

Warning: unlink(sitemonitor_reference.php) [function.unlink]: Permission denied in /www/htdocs/*****/*****/admin/sitemonitor_admin.php on line 78

 

Warning: fopen(sitemonitor_log.txt) [function.fopen]: failed to open stream: Permission denied in /www/htdocs/*****/*****/admin/includes/functions/sitemonitor_functions.php on line 571

Edited by bonester1981

Share this post


Link to post
Share on other sites

Yes I tried the 2nd button and this was the result..

 

I checked that file and niticed it did not have any extension such as jpg etc. On further checking it was accidentlt uploaded that way so it was not changed by any unwated visitors.

 

Many thanks for a wonderful script.

 

oz :-)

Difference found: New-> images/Canon Fax L- 200 Original-> 220

The script will only work for properly named files. If it runs across one that is invalid, as the above, there's no way to recover from it since there's no way to know what it should be named. You will need to clean up your files and either rename or delete ones that have invalid names.

Share this post


Link to post
Share on other sites

Hi,

I am using the newest version of sitemonitor and when hitting "Manually Execute Sitemonitor" following error appears:

 

There are also two emails send.

When coming back to sitemonitor admin the following error occurs:

All of those are due to the permissions settings on the server. You can try changing the permissions on the sitemonitor files to 755, or 777 if that is how your server is setup. If that doesn't do it, you will need to talk to your host about the problem.

Share this post


Link to post
Share on other sites

The script will only work for properly named files. If it runs across one that is invalid, as the above, there's no way to recover from it since there's no way to know what it should be named. You will need to clean up your files and either rename or delete ones that have invalid names.

 

 

Once again many thanks for the program and many thanks for the support.

 

poz :-)

Share this post


Link to post
Share on other sites

I get this warning in the admin side

 

Warning: opendir(/home/username/public_html) [function.opendir]: failed to open dir: No such file or directory in mysite.co.uk\user\htdocs\admin\includes\functions\sitemonitor_functions.php on line 267

Reference file creation failed!

Share this post


Link to post
Share on other sites

I get this warning in the admin side

 

Warning: opendir(/home/username/public_html) [function.opendir]: failed to open dir: No such file or directory in

Is your username really username? See any of the dozen or so posts on this subject in this trhead if you need more detail.

Edited by Jack_mcs

Share this post


Link to post
Share on other sites

jack. sorry to pester again but cant get it to work, have gone through all 52 pages of this thread and have seen several people with the same issues but things do not work for me.

 

on configure:

The exclude selector box only comes up with "make selection" and no selections are offered. I have tried various exceptions in the box, but with no luck.

 

any help would be much appreciated

Share this post


Link to post
Share on other sites

jack. sorry to pester again but cant get it to work, have gone through all 52 pages of this thread and have seen several people with the same issues but things do not work for me.

 

on configure:

The exclude selector box only comes up with "make selection" and no selections are offered. I have tried various exceptions in the box, but with no luck.

 

any help would be much appreciated

You can try editing the admin/sitemonitor_configure.php file directly. If everything else then works, it is probably due to some path problem in your setup. Make sure the path in the configure settings matches the first part of the one shown on the module page.

Share this post


Link to post
Share on other sites

I have same problems with 'Your username is invalid. Please change it and try again.' as many other in the forum, and have read a lot of thread to find out how to configure it, but without any luck :(

so here is my configure file, maybe someone can find out whats wrong <_<

$start_dir = '/my_private_username_to_shopadmin/public_html/'; //your shops root
$admin_dir = 'www.dk-toys.dk/admin'; //your shops admin
$admin_username = 'my_private_username_to_shopadmin'; //your admin username
$admin_password = 'my_private_password_to_shopadmin'; //your admin password
$excludeList = array('admin/quarantine', 'cgi-bin','admin', 'banned'); //don't check these directories - change to your liking - must be set prior to first run
$hackIgnoreList = array('jpg', 'jpeg','gif','png','txt','zip'); //don't check these types of files - change to your liking
$hackCodeSegments = array('error_reporting(0)', 'base64_decode','<frame','gzdecode','eval','ob_start("security_update")'); //enter any hacker code that you would like to check for
?>

Share this post


Link to post
Share on other sites

$start_dir = '/my_private_username_to_shopadmin/public_html/'; //your shops root

$admin_dir = 'www.dk-toys.dk/admin'; //your shops admin

$admin_username = 'my_private_username_to_shopadmin'; //your admin username

$admin_password = 'my_private_password_to_shopadmin'; //your admin password

The $start_dir should be the full path. Go to admin->Modules and the path is displayed there. Copy the first part of it, up to and including public_html. The admin_username and admin_password fields are not required unless you use the alternate login method.

Share this post


Link to post
Share on other sites

ok, now it don't say invalid username, and i can go to sitemonitor=>admin now, but when i use the first 3 buttons it say 'Reference file creation failed!' at the last i got a 'the website could not be found.

my start looks like this: /customers/dk-toys.dk/dk-toys.dk/httpd.www/admin/public_html/ i had tryid without /admin/ in the line but the same result.

 

the report sent to my mail said:

NEW FILES:

No new files found...

 

DELETED FILES:

Found a deleted file named

 

SIZE MISMATCH:

Size differences not checked due to deleted file(s)

 

TIME MISMATCH:

Time differences not checked due to deleted file(s)

 

PERMISSIONS MISMATCH:

Permissions not checked due to deleted file(s)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sitemonitor ran on August 15, 2010, 1:25 pm Total mismatches found were 1 Total files being monitored is 1

Edited by DK-Toys.dk

Share this post


Link to post
Share on other sites

my start looks like this: /customers/dk-toys.dk/dk-toys.dk/httpd.www/admin/public_html/ i had tryid without /admin/ in the line but the same result.

Are you sure that is the path to your shop? It seems suspect with "admin" in the path.

Share this post


Link to post
Share on other sites

my full line from admin=>moduls is /customers/dk-toys.dk/dk-toys.dk/httpd.www/includes/modules/payment/

in the bottom of the site

 

in the address line in browser it is http://www.dk-toys.dk/admin/modules.php?set=payment&selected_box=modules

 

but what should i use?

The start directory entry should be /customers/dk-toys.dk/dk-toys.dk/httpd.www/

Share this post


Link to post
Share on other sites

great :-) now it seems to work, but when i use the last button i get the site 'internet explorer can't find the page'

what could be wrong?

the first 3 buttons works very fine, but the last needs to work too.

Edited by DK-Toys.dk

Share this post


Link to post
Share on other sites

NOW it works! :-)

 

i dont get the error if i dont use the check box.

but i get a lot of red marks for 75 files and more where i get a green check mark.

what did that meens?

my site had been hacked before with 'base64_decode' what i had deleted in every .php file on the site, but what shoule i do when it say base64_decode and eval, can i delete the line or should i do something else?

Share this post


Link to post
Share on other sites

NOW it works! :-)

 

i dont get the error if i dont use the check box.

but i get a lot of red marks for 75 files and more where i get a green check mark.

what did that meens?

my site had been hacked before with 'base64_decode' what i had deleted in every .php file on the site, but what shoule i do when it say base64_decode and eval, can i delete the line or should i do something else?

The results of that test are just possibilities. There's no way for the code to determine if the files are acutally infected or not. You will have to determine that.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×