SiteMonitor

[RafaAlepuz 0]

I'm sorry but that's as far as I can go. It must be something specific to your shop.

 

 

Ok. Now, I going to unistall the Sitemonitor.

I do not want to lose more time.

 

Thank you very much!

[jps001 0]

Hello,

 

I cant find it but i guess it whas already written here :blush:

 

I installed SiteMonitor and it is up and running.

When i press Manually Check for Hacked Files

a short list is shown.

 

 

But why skips sitemonitor 1707 files?

 

And the admin folder is set to excluded but he still scans it?

 

Srry for my bad english maybe thats why i did not fouond the answer :(

 

Hope you can help me,

 

Regards,

Jasper

[Jack_mcs 652]

But why skips sitemonitor 1707 files?

 

And the admin folder is set to excluded but he still scans it?

The code skips some files, like images and xml, because it's unlikely any hacker code added to them would cause a problem. You can remove that in admin/includes/functions/site_monitor.php if you like (just search for exclude).

 

The hacker test scans all areas since you may have your reference file setup to skip some sections.

[jps001 0]

Hello,

 

On the shop of a partner he installed SiteMonito also.

But he got a error now Warning: array_flip() [function.array-flip]: Can only flip STRING and INTEGER values! in /www/htdocs__///__includes/functions/sitemonitor_functions.php on line 148

 

I think some permissions are not good becasue he has 644 on many files inside the admin

 

how to solve this?

 

Regards,

 

jasper

[jps001 0]

The code skips some files, like images and xml, because it's unlikely any hacker code added to them would cause a problem. You can remove that in admin/includes/functions/site_monitor.php if you like (just search for exclude).

 

The hacker test scans all areas since you may have your reference file setup to skip some sections.

 

Okay thanks

 

Stupid of me i could have known it. :blush:

[Jack_mcs 652]

On the shop of a partner he installed SiteMonito also.

But he got a error now Warning: array_flip() [function.array-flip]: Can only flip STRING and INTEGER values! in /www/htdocs__///__includes/functions/sitemonitor_functions.php on line 148

That error is most likely due to some invalid or non-standard name for one of your files. You would need to isolate it to find the problem. The easiest way is to exclude all directories and run the script to make sure it works without that error. Then start adding them back in and testing each time. When you find one that fails, look at the reference file for a file name that is different.

[Motive 0]

Hey Im getting access denied "No Right Permission Access" when I try to click on Site Monitor Admin or configure.

 

I am using osCMax 2.025

Edited October 9, 2010 by Motive

[Motive 0]

Hey Im getting access denied "No Right Permission Access" when I try to click on Site Monitor Admin or configure.

 

I am using osCMax 2.025

 

 

And I know to ask my host admin but I don't really know what to ask for? What "write or right" permission do I need and where or on what file? What is the root of the problem?

Edited October 9, 2010 by Motive

[Jack_mcs 652]

And I know to ask my host admin but I don't really know what to ask for? What "write or right" permission do I need and where or on what file? What is the root of the problem?

Unfortunately, it is against forum rules to support oscommerce forks. You'll need to ask in the oscMax forums.

[jps001 0]

Solved both problems,

 

Thanks

[Dj-Viper 18]

Hi,

 

Also solved my problem. Was not the file or server permissions that were wrong, but the startline in the configuration file, had put there also /index.php behind it, but that was wrong, after deleting that it worked like a charme.

 

Greetings, Anne

[kenboon 0]

Hi,

 

I keep getting this error.

 

Warning: opendir(/home/username/public_html/) [function.opendir]: failed to open dir: No such file or directory in /home/******/public_html/catalog/*****/includes/functions/sitemonitor_functions.php on line 419

 

I'v stared out the admin ect for obvious reasons. Can anyone pleasse help me resolve this?

 

Regards,

 

Ken

[kenboon 0]

Just noticed something very odd. In the top left hand corner in the Sitemonitor part of the Admin Control, it says "Logged in as: c (Logoff)" But that is not my log in name? It seems to log me in as C for some reason each time I then Go on to the Site Monitor bit.

 

Regards,

 

Ken

[Jack_mcs 652]

Just noticed something very odd. In the top left hand corner in the Sitemonitor part of the Admin Control, it says "Logged in as: c (Logoff)" But that is not my log in name? It seems to log me in as C for some reason each time I then Go on to the Site Monitor bit.

Both problems covered here recently.

[kenboon 0]

Jack, thank you. I did search before I asked, ut was unable to find an answer. I missed a letter when typing my username in the Start Directory part.

 

I'v had a little play with theis and it really is a very good contribution :)

 

Thanks

 

Ken

[thefragfarmer 0]

I know this issue has been covered previously but i dont quite understand how the person was able to fix it....

 

Every time i click on SiteMonitor (Admin or Config) I get:

 

 

Warning: opendir(public_html/my_directory/) [function.opendir]: failed to open dir: No such file or directory in /home1/thegoods/public_html/my_directory/admin/includes/functions/sitemonitor_functions.php on line 419

Your username is invalid. Please change it and try again.

 

 

Any help would be greatly appreciate it as I have been hacked twice and want to get all these security strategies implemented.

[Jack_mcs 652]

Warning: opendir(public_html/my_directory/) [function.opendir]: failed to open dir: No such file or directory in /home1/thegoods/public_html/my_directory/admin/includes/functions/sitemonitor_functions.php on line 419

Your username is invalid. Please change it and try again.

Verify the username is correct with the steps previously mentioned.

[kenboon 0]

Fragfarmer. Go to File manager to confirm the name it is correct.

[Ausgirl 3]

I know this issue has been covered previously but i dont quite understand how the person was able to fix it....

 

Every time i click on SiteMonitor (Admin or Config) I get:

 

 

Warning: opendir(public_html/my_directory/) [function.opendir]: failed to open dir: No such file or directory in /home1/thegoods/public_html/my_directory/admin/includes/functions/sitemonitor_functions.php on line 419

Your username is invalid. Please change it and try again.

 

 

Any help would be greatly appreciate it as I have been hacked twice and want to get all these security strategies implemented.

 

The answer to these is on the previous pages. Pages 60 to 65 so not so far to look over.

 

"Logged in as: c (Logoff)" the answer to that is on the page before this one. Jack has stated the code change & where to change it.

 

Your username is invalid. Please change it and try again.

 

In SiteMonitor under the configuration heading in your Admin it says... Start Directory: /home1/thegoods/public_html (The root of the shop).

Check that yours states /home1/thegoods/public_html & not /home/thegoods/public_html

 

As for the Warning: opendir(public_html/my_directory/) [function.opendir]: failed to open dir: No such file or directory in /home1/thegoods/public_html/my_directory/admin/includes/functions/sitemonitor_functions.php on line 419

 

The suggestions didnt fix mine so I thought I'd worry about it later, I went & had coffee & when I came back I loaded my site back up & the error was gone, looks all good now. Sometimes you have to close the browser & reload rather than refresh to see things working.

[rocaholic 0]

Does SiteMonitor conflict with .htaccess functionality?

[Dj-Viper 18]

Hi, Rocaholic

 

Does SiteMonitor conflict with .htaccess functionality?

 

My enginering of php etc is not very good, but no it doesn't conflict. Sitemonitor is direct on the server of the website, htaccess is only access to the website outsite the admin.

 

Greetings, Dj Viper

[Andrew Cargill 0]

Hi there,

 

This looks like a fantastic contribution but I have just installed it and am receiving the following error:

 

Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 20 bytes) in /home/***/public_html/***/sitemonitor_configure_setup.php on line 116

 

Does anybody have an idea on what I am doing wrong?

 

Cheers,

 

Andy

0

[Jack_mcs 652]

This looks like a fantastic contribution but I have just installed it and am receiving the following error:

 

Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 20 bytes) in /home/***/public_html/***/sitemonitor_configure_setup.php on line 116

 

Does anybody have an idea on what I am doing wrong?

If it is failing when first installed, then it is probably due to trying to load too may files. You will need to edit the sitemonitor_configure.php file to exclude some of the directories. Several examples of how to do this are in this thread.

[lybrary 0]

Site Monitor is a great contribution, however it obviously was not tested on sites with lots of files. My site has close to half a million files. There are a couple of bugs I have found. The out of memory error is easy to fix, but for others I had to debug for hours. Here are my findings:

 

- function ExcludeDirectory: Why do you pass a start_dir variable? It is never used for anything even though you run some string operations on it but then never use it. So I removed that one. (This was not really a bug but unnecessary code.)

 

- file: sitemonitor_configure_setup.php: You are missing a "require('sitemonitor_configure_setup.php');" right at the beginning and you need to get rid of "$excludeList = array();"

 

/****************** BUILD THE HACKED FILE LIST *********************/

$excludeList = array();

 

Because otherwise the excluded directories are still being processed which on big sites leads to a failing script.

 

With these changes I can at least run the site monitor, however not the check for hacked files. There again we have a function rglob() which tries to traverse all subdirectories ignoring the excluded ones. On big sites this is simply not possible. rglob should also obey the exclusions or if you want have another set of exclusions for this operation.

 

What I did is add a

 

if (ExcludeDirectory($sSubDir, $sDir)) continue;

 

Inside the foreach of the rglob() function plus adding the necessary "require('sitemonitor_configure.php');" in sitemonitor_admin.php. It seems to be running even though I have not fully thought this through. In general I have to note that some of the coding techniques used in this contribution is pretty strange or awkward if you will. I like the idea of the contribution but execution is a bit shaky.

[lybrary 0]

Oh my oh my, the algorithms used in function runSitemonitor are really bad. Any site with more than a few hundred files will not be able to run this function because it most likely will time out with a server error. SiteMontior uses nested for loops, the same 3 times in a row! And the logic of file comparison is incorrect.

 

I think SiteMonitor would need a complete overhaul but I don't have the time to do this. But I will show what I did with runSitemonitor to make it lightning fast even for large sites and allow file comparison even if files where deleted (of course comparing those that are still there, not the deleted ones).

 

First you need to store refFiles in an associative array where the file name is the index rather than a numeric index. Once you have done that you can simply use array_key_exists() to check if the file is there and do your comparisons. And we fold the three loops into one. Here is the key part that I changed in runSitemonitor

 

/************** SEE IF THE FILE SIZES ARE DIFFERENT ****************/

/************** SEE IF THE TIMESTAMPS ARE DIFFERENT ****************/

/************** SEE IF THE PERMISSIONS ARE DIFFERENT ***************/

$msg .= "\nSIZE MISMATCH:\n";

$error = 0;

$msg_time = '';

$error_time = 0;

$msg_perm = '';

$error_perm = 0;

$size = count($files);

$refFiles = GetReferenceFilesAssoc($referenceFile); //reload for all checks below

 

for ($i = 0; $i < $size; ++$i)

{

if (array_key_exists($files[$i], $refFiles))

{

// check file size

$newSize = GetSize($files[$i]);

$oldSize = GetPart(SIZE - 1, $refFiles[$files[$i]]); // -1 because in associative version the first element is missing

if ($newSize != $oldSize)

{

$msg .= DisplayMessage($verbose, ('Difference found: New-> '. GetFileName($files[$i]) . ' '. $newSize . ' Original-> ' . $oldSize));

$logEntry['Size Changed'][] = $files[$i];

$error++;

$ttlErrors++;

}

 

// check timestamp

$r = @stat($files[$i]);

if ($r[9] != GetPart(TIME - 1, $refFiles[$files[$i]]))

{

$msg_time .= DisplayMessage($verbose, ('Time Mismatch on '. GetFileName($files[$i]). ' Last Changed on ' . gmstrftime ("%A, %d %b %Y %T %Z", $r[9])));

$logEntry['Time Changed'][] = $files[$i];

$error_time++;

$ttlErrors++;

}

 

// check permissions

$pCurrent = substr(sprintf('%o', @fileperms($files[$i])), -3);

$pLast = GetPart(PERM - 1, $refFiles[$files[$i]]);

if ($pCurrent != $pLast)

{

$msg_perm .= DisplayMessage($verbose, ('permissions Mismatch on '. GetFileName($files[$i]). ' Currently set to "' . $pCurrent . '" was set to "' . $pLast .'"'));

$logEntry['Permissions Change'][] = $files[$i];

$error_perm++;

$ttlErrors++;

}

}

}

if (! $error)

$msg .= DisplayMessage($verbose, 'No size differences found...');

$msg .= "\nTIME MISMATCH:\n" . $msg_time;

if (! $error_time)

$msg .= DisplayMessage($verbose, 'No time mismatches found...');

$msg .= "\nPERMISSIONS MISMATCH:\n" . $msg_perm;

if (! $error_perm)

$msg .= DisplayMessage($verbose, 'No permissions mismatches found...');

 

 

And GetReferenceFilesAssoc() is the same as GetReferenceFiles() but it has a little addition at the bottom where the associative array is built. Hope this helps others on larger sites. Again, the idea of SiteMonitor is brilliant, the programming is subpar and fails for larger websites.

 

function GetReferenceFilesAssoc($path) //use curl if possible to read in site information

{

global $username, $password, $admin_dir;

$lines = array();

 

if (! empty($admin_dir) && ! empty($username) && ! empty($password) && function_exists('curl_init'))

{

$path = $admin_dir . '/' . $path;

$ch = curl_init();

$timeout = 5; // set to zero for no timeout

curl_setopt ($ch, CURLOPT_URL, $path);

curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);

curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);

curl_setopt($ch, CURLOPT_USERPWD, $username.':'.$password);

$file_contents = curl_exec($ch);

curl_close($ch);

$lines = explode("\n", $file_contents);

}

else

{

$fd = fopen ($path, "r");

while (!feof ($fd))

{

$buffer = fgets($fd, 4096);

$lines[] = $buffer;

}

fclose ($fd);

}

 

if (empty($lines))

{

echo 'Failed to read Reference File';

exit;

}

 

$return_array = array();

for ($i=0; $i<count($lines); $i++) {

$pos = strpos($lines[$i], ",");

$return_array[substr($lines[$i], 0, $pos)] = substr($lines[$i], $pos+1);

}

return $return_array;

}