Jack_mcs Posted September 14, 2010 Author Share Posted September 14, 2010 Thank you for your answer. It depends on the message from the script: If there are no changes found or if there is an missmatch, i get an e-mail. If there are new files found, I get no mail. Andra The only thing I can think of is that the script is not completing for some reason. In the SiteMonitor settings, check the verbos option and update it (if that option is not already set). Then go to the its admin section and click on the third update button. You should see all of the message displayed there. If it stops before all of the sections have been ran, then there is something in the new files, or wherever it is failing, that is causing the problem. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
AndraX Posted September 15, 2010 Share Posted September 15, 2010 The only thing I can think of is that the script is not completing for some reason. In the SiteMonitor settings, check the verbos option and update it (if that option is not already set). Then go to the its admin section and click on the third update button. You should see all of the message displayed there. If it stops before all of the sections have been ran, then there is something in the new files, or wherever it is failing, that is causing the problem. Thank you, Jack. The verbos option is active, I tested it oncemore, still the same problem. I get this message: "Found a new file named images/test/xy.jpg Found a new file named images/test/xxx.jpg No deleted files found..." Nothing more, no mail. Maybe there is not enough scriptpower on the server... But if there are just missmatches, it works... Still I'm glad about your script, it is very helpful. Thank you. Andra Quote Link to comment Share on other sites More sharing options...
geoffwin Posted September 15, 2010 Share Posted September 15, 2010 Thanks for any advice Just came into this thread. Installed the latest version and now when I try and enter admin area I get this error Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/telepoin/public_html/admin/includes/filenames.php:1) in /home/telepoin/public_html/admin/includes/functions/sessions.php on line 97 Warning: Cannot modify header information - headers already sent by (output started at /home/telepoin/public_html/admin/includes/filenames.php:1) in /home/telepoin/public_html/admin/includes/functions/general.php on line 22 Been a while since I played in Osc so would appreciate any feedback thanks Geoff Quote Geoff Telegraph Point 2441 Australia Link to comment Share on other sites More sharing options...
Jack_mcs Posted September 15, 2010 Author Share Posted September 15, 2010 Thank you, Jack. The verbos option is active, I tested it oncemore, still the same problem. I get this message: "Found a new file named images/test/xy.jpg Found a new file named images/test/xxx.jpg No deleted files found..." Nothing more, no mail. Maybe there is not enough scriptpower on the server... But if there are just missmatches, it works... The script isn't finishing. It might be a timeout issue or some file that is causing it to fail. Try excluding all directories. If it runs, add one in at a time, testing as you do until the cause is found. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Jack_mcs Posted September 15, 2010 Author Share Posted September 15, 2010 Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/telepoin/public_html/admin/includes/filenames.php:1) in /home/telepoin/public_html/admin/includes/functions/sessions.php on line 97 Warning: Cannot modify header information - headers already sent by (output started at /home/telepoin/public_html/admin/includes/filenames.php:1) in /home/telepoin/public_html/admin/includes/functions/general.php on line 22 See the link in my signature for that error. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
geoffwin Posted September 15, 2010 Share Posted September 15, 2010 See the link in my signature for that error. Thanks , tried that and all OK. Reversed everything and removed site monitor and the error is still there? Any other options? Quote Geoff Telegraph Point 2441 Australia Link to comment Share on other sites More sharing options...
Jack_mcs Posted September 15, 2010 Author Share Posted September 15, 2010 Thanks , tried that and all OK. Reversed everything and removed site monitor and the error is still there? Any other options? This is the support thread for SiteMonitor. If you don't have SiteMonitor installed or your problem isn't related to it, you need to post your question in the appropriate thread. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
geoffwin Posted September 15, 2010 Share Posted September 15, 2010 This is the support thread for SiteMonitor. If you don't have SiteMonitor installed or your problem isn't related to it, you need to post your question in the appropriate thread. Thanks for nothing I install site monitor into an oSc install that has been working for months and after the install of site monitor I cannot access my admin section. Perhaps the reason I cannot access my admin section is because of site monitor? Quote Geoff Telegraph Point 2441 Australia Link to comment Share on other sites More sharing options...
♥mdtaylorlrim Posted September 15, 2010 Share Posted September 15, 2010 Thanks for nothing I install site monitor into an oSc install that has been working for months and after the install of site monitor I cannot access my admin section. Perhaps the reason I cannot access my admin section is because of site monitor? Either you made an error in the installation or you need to clear your browser cache. Sometimes simply closing the browser and restarting it is sometimes enough to stop that error. I'd clear your browser cache first, then recheck the installation steps closely. Site monitor does not change anything that would stop you from accessing your admin pages. Quote Community Bootstrap Edition, Edge Avoid the most asked question. See How to Secure My Site and How do I...? Link to comment Share on other sites More sharing options...
geoffwin Posted September 15, 2010 Share Posted September 15, 2010 Either you made an error in the installation or you need to clear your browser cache. Sometimes simply closing the browser and restarting it is sometimes enough to stop that error. I'd clear your browser cache first, then recheck the installation steps closely. Site monitor does not change anything that would stop you from accessing your admin pages. Thank you for a helpful reply. I will try as you suggest. My apologies for my post above - it was uncalled for. Quote Geoff Telegraph Point 2441 Australia Link to comment Share on other sites More sharing options...
mr_absinthe Posted September 16, 2010 Share Posted September 16, 2010 Jack, just wanted to say THANKS! I've installed the SiteMonitor on a friend's site and it discovered hacker files recently! They've uploaded several files to all writable directories of the web site. It seems that files have identical content and various filenames such as spill.php, spool.php or sql.php. This is a small preview of those files: <? eval(gzinflate(base64_decode('DZfHDsTGEUR/xTdJ4IE5wZYFcplzWqaLwZxz5td7D32c6cGg6nX1P//9zz//Ks6k/7N6m7Hsk734M022gsD+lxfZlBd//sHFBbptAZN9DfCOkS7KBD2csD3B6/cdLurl+rFc4fJ0A4YBbhA8818ZJR5/TZB4wHxZRPrTgkPik27AgT7u4aHigaBc2AKjQjPqHcddIBNTflVwsk2pp9LyFS9gGVHI8aNw1G/2SapZF6qaUqu14drNMKrjEGXi3KZgERz+/CachCmy5fu6LnTT8qnvdnZr/OJR/ZGcJH6PPJRVn/Lqpph4bjI70sbJWuZJYFcLr5iDoN9IMSDwAVKL3qh2z2hsSxeVYuywg/weFvlFGp16ItXYntOIHOyIDc2RgFZyDKJUfU8ZDSu86FUYRX7T/KFdm73bC7LWl5alFhS8Pgq3FEBkGwrnaQqmeE014izZSQ0pLx6U5KkpyXEN9Q4R... etc. etc. Thanks to SiteMonitor, we've noticed quite quickly and deleted those files and added .htaccess with this code: php_flag engine off <Files ~ "\.(php*|s?p?html|cgi|pl|ini)$"> deny from all </Files> We've also changed CHMOD to 757 because 775 was throwing errors. Few minutes after changing the permissions, I've noticed that new .htaccess files were uploaded to all of those directories so I've deleted them. Setting permissions to 757 is obviously no solution and I have also changed the ftp password - however there was no hacker trace in the ftp log. Would you have a solution how to avoid the above please? Is there a possibility of protecting writable directories? As far as I can tell, files have been patched and many security contributions are in place. Quote Absinthe Original Liquor Store Link to comment Share on other sites More sharing options...
Jack_mcs Posted September 16, 2010 Author Share Posted September 16, 2010 Jack, just wanted to say THANKS! I've installed the SiteMonitor on a friend's site and it discovered hacker files recently! They've uploaded several files to all writable directories of the web site. It seems that files have identical content and various filenames such as spill.php, spool.php or sql.php. This is a small preview of those files: We've also changed CHMOD to 757 because 775 was throwing errors. Few minutes after changing the permissions, I've noticed that new .htaccess files were uploaded to all of those directories so I've deleted them. Setting permissions to 757 is obviously no solution and I have also changed the ftp password - however there was no hacker trace in the ftp log. Would you have a solution how to avoid the above please? Is there a possibility of protecting writable directories? As far as I can tell, files have been patched and many security contributions are in place. I'm glad it helped. I'm not following the question thoguh - can't tell what is being uploaded to where. But, in my experience, hackers are able to upload files because of some security hole, like the file manager one. Be sure you have renamed the admin directory and applied the patch to its application_top file. It they are still getting in, you should be able to relate the time the file was added as recorded in the SiteMonitor log with that in the ftp log. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
mr_absinthe Posted September 18, 2010 Share Posted September 18, 2010 They've uploaded .php files to writable directories only. File manager does not exist there and admin was also renamed. Not sure what patch in application_top you mean, could you point me please? Quote Absinthe Original Liquor Store Link to comment Share on other sites More sharing options...
Jack_mcs Posted September 18, 2010 Author Share Posted September 18, 2010 They've uploaded .php files to writable directories only. File manager does not exist there and admin was also renamed. Not sure what patch in application_top you mean, could you point me please? There are several fixes floating around. This thread mentions one or two. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
mr_absinthe Posted September 18, 2010 Share Posted September 18, 2010 Thank you, those fixes have been applied BEFORE the attack. Quote Absinthe Original Liquor Store Link to comment Share on other sites More sharing options...
abe1983 Posted September 20, 2010 Share Posted September 20, 2010 (edited) When I'm in my admin and I go to Sitemonitor. The person who's logged in automaticaly changes in another user I don't recognize. I tested it on two different webshops. One time it changes in c and the other time in i. Please help. I also cannot go to the admin. Warning: opendir() [function.opendir]: Unable to access /home/username/public_html/ in /public/sites/www.site.nl/inlog/includes/functions/sitemonitor_functions.php on line 419 Warning: opendir(/home/username/public_html/) [function.opendir]: failed to open dir: No such file or directory in /public/sites/www.site.nl/inlog/includes/functions/sitemonitor_functions.php on line 419 This is also an error I get. If someone can help me thanks! Edited September 20, 2010 by abe1983 Quote Link to comment Share on other sites More sharing options...
Guest Posted September 20, 2010 Share Posted September 20, 2010 When I'm in my admin and I go to Sitemonitor. The person who's logged in automaticaly changes in another user I don't recognize. I tested it on two different webshops. One time it changes in c and the other time in i. Please help. I also cannot go to the admin. This is also an error I get. If someone can help me thanks! Warning: opendir() [function.opendir]: Unable to access /home/username/public_html/ Is this the path to your store?: /home/username/public_html/ I think you have to change username in this path.. Quote Link to comment Share on other sites More sharing options...
abe1983 Posted September 20, 2010 Share Posted September 20, 2010 Is this the path to your store?: /home/username/public_html/ I think you have to change username in this path.. Can you give me an example. This line automaticaly stood in the start dir field of the configurationpage of sitemonitor. Thanks. Quote Link to comment Share on other sites More sharing options...
♥mdtaylorlrim Posted September 20, 2010 Share Posted September 20, 2010 Can you give me an example. This line automaticaly stood in the start dir field of the configurationpage of sitemonitor. Thanks. An example would be... /home/abe1983/public_html/ Look in your cPanel -> file manager and at the top left you will likely see the path to your file space in a text box. Quote Community Bootstrap Edition, Edge Avoid the most asked question. See How to Secure My Site and How do I...? Link to comment Share on other sites More sharing options...
abe1983 Posted September 21, 2010 Share Posted September 21, 2010 An example would be... /home/abe1983/public_html/ Look in your cPanel -> file manager and at the top left you will likely see the path to your file space in a text box. I've got now this error: Warning: opendir() [function.opendir]: Unable to access home/public/sites/ in /public/sites/www.deriemenshop.nl/inlog/includes/functions/sitemonitor_functions.php on line 419 Warning: opendir(home/public/sites/) [function.opendir]: failed to open dir: No such file or directory in /public/sites/www.deriemenshop.nl/inlog/includes/functions/sitemonitor_functions.php on line 419 And I've got still the problem with the inlog with another unknown user? Quote Link to comment Share on other sites More sharing options...
Guest Posted September 21, 2010 Share Posted September 21, 2010 I've got now this error: Warning: opendir() [function.opendir]: Unable to access home/public/sites/ in /public/sites/www.deriemenshop.nl/inlog/includes/functions/sitemonitor_functions.php on line 419 What do you have in catalog/includes/configure.php on this line? : define('DIR_FS_CATALOG', '/home/username/public_html/catalog/'); Quote Link to comment Share on other sites More sharing options...
Kenja Posted September 22, 2010 Share Posted September 22, 2010 I've installed the contribution on one of my sites and overall I think it's pretty slick. However, I do have one issue. I've noticed the log file and the reference file in several places now on my server. It appears those files are generated based on where the command is run from or something. In my case, I found copies in the catalog directory, the admin directory, and the directory where my cron script is located. Having those files in the catalog directory is a problem because it exposes the full directory structure and script names of my entire site in a public way. I'm not sure what I did to get the files to show up there, but the script should be modified so that the files are always stored in the admin directory where they can be protected. Also, the reference file is a php file, but if you load it in your browser, it displays the contents of the file. It may as well be a text file if you're going to do it that way... The contents of that file should probably be contained inside php tags so that the information is there, but not accessible directly from the browser. It is possible I've configured my site incorrectly, so maybe this is mute point, but if not, it would be nice to figure out how to solve these issues, as the contribution could potentially make the site less secure. Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted September 22, 2010 Author Share Posted September 22, 2010 I've installed the contribution on one of my sites and overall I think it's pretty slick. However, I do have one issue. I've noticed the log file and the reference file in several places now on my server. It appears those files are generated based on where the command is run from or something. In my case, I found copies in the catalog directory, the admin directory, and the directory where my cron script is located. Having those files in the catalog directory is a problem because it exposes the full directory structure and script names of my entire site in a public way. I'm not sure what I did to get the files to show up there, but the script should be modified so that the files are always stored in the admin directory where they can be protected. Also, the reference file is a php file, but if you load it in your browser, it displays the contents of the file. It may as well be a text file if you're going to do it that way... The contents of that file should probably be contained inside php tags so that the information is there, but not accessible directly from the browser. The output from the script is stored in the directory it is ran in, which should be admin. If you are running it from somewhere else, you will need to change the code to deal with that. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
abe1983 Posted September 23, 2010 Share Posted September 23, 2010 What do you have in catalog/includes/configure.php on this line? : define('DIR_FS_CATALOG', '/home/username/public_html/catalog/'); Thank you Sijo! It worked for one site, but the other I get this message! Warning: opendir() [function.opendir]: open_basedir restriction in effect. File(/home/username/public_html/) is not within the allowed path(s): (/var/www/vhosts/site.nl/httpdocs:/tmp) in /var/www/vhosts/site.nl/httpdocs/catalog/inlog/includes/functions/sitemonitor_functions.php on line 419 Warning: opendir(/home/username/public_html/) [function.opendir]: failed to open dir: Operation not permitted in /var/www/vhosts/site.nl/httpdocs/catalog/inlog/includes/functions/sitemonitor_functions.php on line 419 Warning: chmod() [function.chmod]: Operation not permitted in /var/www/vhosts/site.nl/httpdocs/catalog/inlog/includes/functions/sitemonitor_functions.php on line 545 Cannot change the mode of file (/var/www/vhosts/site.nl/httpdocs/catalog/inlog/sitemonitor_configure.php) Quote Link to comment Share on other sites More sharing options...
Guest Posted September 23, 2010 Share Posted September 23, 2010 Thank you Sijo! It worked for one site, but the other I get this message! You have to check that you have the right path in the script for this site too. Make a file called test.php and put in this code: <?php echo $_SERVER['SCRIPT_FILENAME'] ?> FTP this file to your site root and execute it in your browser, e.g. : www.yoursite.com/test.php It will show you the path of your site.. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.