Jump to content
Latest News: (loading..)
Jack_mcs

SiteMonitor

Recommended Posts

I'm sorry but that's as far as I can go. It must be something specific to your shop.

 

 

Ok. Now, I going to unistall the Sitemonitor.

I do not want to lose more time.

 

Thank you very much!

Share this post


Link to post
Share on other sites

Hello,

 

I cant find it but i guess it whas already written here :blush:

 

I installed SiteMonitor and it is up and running.

When i press Manually Check for Hacked Files

a short list is shown.

 

sitemonitor.jpg

 

But why skips sitemonitor 1707 files?

 

And the admin folder is set to excluded but he still scans it?

 

Srry for my bad english maybe thats why i did not fouond the answer :(

 

Hope you can help me,

 

Regards,

Jasper

Share this post


Link to post
Share on other sites

But why skips sitemonitor 1707 files?

 

And the admin folder is set to excluded but he still scans it?

The code skips some files, like images and xml, because it's unlikely any hacker code added to them would cause a problem. You can remove that in admin/includes/functions/site_monitor.php if you like (just search for exclude).

 

The hacker test scans all areas since you may have your reference file setup to skip some sections.

Share this post


Link to post
Share on other sites

Hello,

 

On the shop of a partner he installed SiteMonito also.

But he got a error now Warning: array_flip() [function.array-flip]: Can only flip STRING and INTEGER values! in /www/htdocs__///__includes/functions/sitemonitor_functions.php on line 148

 

I think some permissions are not good becasue he has 644 on many files inside the admin

 

how to solve this?

 

Regards,

 

jasper

Share this post


Link to post
Share on other sites

The code skips some files, like images and xml, because it's unlikely any hacker code added to them would cause a problem. You can remove that in admin/includes/functions/site_monitor.php if you like (just search for exclude).

 

The hacker test scans all areas since you may have your reference file setup to skip some sections.

 

Okay thanks

 

Stupid of me i could have known it. :blush:

Share this post


Link to post
Share on other sites

On the shop of a partner he installed SiteMonito also.

But he got a error now Warning: array_flip() [function.array-flip]: Can only flip STRING and INTEGER values! in /www/htdocs__///__includes/functions/sitemonitor_functions.php on line 148

That error is most likely due to some invalid or non-standard name for one of your files. You would need to isolate it to find the problem. The easiest way is to exclude all directories and run the script to make sure it works without that error. Then start adding them back in and testing each time. When you find one that fails, look at the reference file for a file name that is different.

Share this post


Link to post
Share on other sites

Hey Im getting access denied "No Right Permission Access" when I try to click on Site Monitor Admin or configure.

 

I am using osCMax 2.025

Edited by Motive

Share this post


Link to post
Share on other sites

Hey Im getting access denied "No Right Permission Access" when I try to click on Site Monitor Admin or configure.

 

I am using osCMax 2.025

 

 

And I know to ask my host admin but I don't really know what to ask for? What "write or right" permission do I need and where or on what file? What is the root of the problem?

Edited by Motive

Share this post


Link to post
Share on other sites

And I know to ask my host admin but I don't really know what to ask for? What "write or right" permission do I need and where or on what file? What is the root of the problem?

Unfortunately, it is against forum rules to support oscommerce forks. You'll need to ask in the oscMax forums.

Share this post


Link to post
Share on other sites

Hi,

 

Also solved my problem. Was not the file or server permissions that were wrong, but the startline in the configuration file, had put there also /index.php behind it, but that was wrong, after deleting that it worked like a charme.

 

Greetings, Anne

Share this post


Link to post
Share on other sites

Hi,

 

I keep getting this error.

 

Warning: opendir(/home/username/public_html/) [function.opendir]: failed to open dir: No such file or directory in /home/******/public_html/catalog/*****/includes/functions/sitemonitor_functions.php on line 419

 

I'v stared out the admin ect for obvious reasons. Can anyone pleasse help me resolve this?

 

Regards,

 

Ken

Share this post


Link to post
Share on other sites

Just noticed something very odd. In the top left hand corner in the Sitemonitor part of the Admin Control, it says "Logged in as: c (Logoff)" But that is not my log in name? It seems to log me in as C for some reason each time I then Go on to the Site Monitor bit.

 

Regards,

 

Ken

Share this post


Link to post
Share on other sites

Just noticed something very odd. In the top left hand corner in the Sitemonitor part of the Admin Control, it says "Logged in as: c (Logoff)" But that is not my log in name? It seems to log me in as C for some reason each time I then Go on to the Site Monitor bit.

Both problems covered here recently.

Share this post


Link to post
Share on other sites

Jack, thank you. I did search before I asked, ut was unable to find an answer. I missed a letter when typing my username in the Start Directory part.

 

I'v had a little play with theis and it really is a very good contribution :)

 

Thanks

 

Ken

Share this post


Link to post
Share on other sites

I know this issue has been covered previously but i dont quite understand how the person was able to fix it....

 

Every time i click on SiteMonitor (Admin or Config) I get:

 

 

Warning: opendir(public_html/my_directory/) [function.opendir]: failed to open dir: No such file or directory in /home1/thegoods/public_html/my_directory/admin/includes/functions/sitemonitor_functions.php on line 419

Your username is invalid. Please change it and try again.

 

 

Any help would be greatly appreciate it as I have been hacked twice and want to get all these security strategies implemented.

Share this post


Link to post
Share on other sites

Warning: opendir(public_html/my_directory/) [function.opendir]: failed to open dir: No such file or directory in /home1/thegoods/public_html/my_directory/admin/includes/functions/sitemonitor_functions.php on line 419

Your username is invalid. Please change it and try again.

Verify the username is correct with the steps previously mentioned.

Share this post


Link to post
Share on other sites

I know this issue has been covered previously but i dont quite understand how the person was able to fix it....

 

Every time i click on SiteMonitor (Admin or Config) I get:

 

 

Warning: opendir(public_html/my_directory/) [function.opendir]: failed to open dir: No such file or directory in /home1/thegoods/public_html/my_directory/admin/includes/functions/sitemonitor_functions.php on line 419

Your username is invalid. Please change it and try again.

 

 

Any help would be greatly appreciate it as I have been hacked twice and want to get all these security strategies implemented.

 

The answer to these is on the previous pages. Pages 60 to 65 so not so far to look over.

 

"Logged in as: c (Logoff)" the answer to that is on the page before this one. Jack has stated the code change & where to change it.

 

Your username is invalid. Please change it and try again.

 

In SiteMonitor under the configuration heading in your Admin it says... Start Directory: /home1/thegoods/public_html (The root of the shop).

Check that yours states /home1/thegoods/public_html & not /home/thegoods/public_html

 

As for the Warning: opendir(public_html/my_directory/) [function.opendir]: failed to open dir: No such file or directory in /home1/thegoods/public_html/my_directory/admin/includes/functions/sitemonitor_functions.php on line 419

 

The suggestions didnt fix mine so I thought I'd worry about it later, I went & had coffee & when I came back I loaded my site back up & the error was gone, looks all good now. Sometimes you have to close the browser & reload rather than refresh to see things working.

Share this post


Link to post
Share on other sites

Hi, Rocaholic

 

Does SiteMonitor conflict with .htaccess functionality?

 

My enginering of php etc is not very good, but no it doesn't conflict. Sitemonitor is direct on the server of the website, htaccess is only access to the website outsite the admin.

 

Greetings, Dj Viper

Share this post


Link to post
Share on other sites

Hi there,

 

This looks like a fantastic contribution but I have just installed it and am receiving the following error:

 

Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 20 bytes) in /home/***/public_html/***/sitemonitor_configure_setup.php on line 116

 

Does anybody have an idea on what I am doing wrong?

 

Cheers,

 

Andy

0

Share this post


Link to post
Share on other sites

This looks like a fantastic contribution but I have just installed it and am receiving the following error:

 

Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 20 bytes) in /home/***/public_html/***/sitemonitor_configure_setup.php on line 116

 

Does anybody have an idea on what I am doing wrong?

If it is failing when first installed, then it is probably due to trying to load too may files. You will need to edit the sitemonitor_configure.php file to exclude some of the directories. Several examples of how to do this are in this thread.

Share this post


Link to post
Share on other sites

Site Monitor is a great contribution, however it obviously was not tested on sites with lots of files. My site has close to half a million files. There are a couple of bugs I have found. The out of memory error is easy to fix, but for others I had to debug for hours. Here are my findings:

 

- function ExcludeDirectory: Why do you pass a start_dir variable? It is never used for anything even though you run some string operations on it but then never use it. So I removed that one. (This was not really a bug but unnecessary code.)

 

- file: sitemonitor_configure_setup.php: You are missing a "require('sitemonitor_configure_setup.php');" right at the beginning and you need to get rid of "$excludeList = array();"

 

/****************** BUILD THE HACKED FILE LIST *********************/

$excludeList = array();

 

Because otherwise the excluded directories are still being processed which on big sites leads to a failing script.

 

With these changes I can at least run the site monitor, however not the check for hacked files. There again we have a function rglob() which tries to traverse all subdirectories ignoring the excluded ones. On big sites this is simply not possible. rglob should also obey the exclusions or if you want have another set of exclusions for this operation.

 

What I did is add a

 

if (ExcludeDirectory($sSubDir, $sDir)) continue;

 

Inside the foreach of the rglob() function plus adding the necessary "require('sitemonitor_configure.php');" in sitemonitor_admin.php. It seems to be running even though I have not fully thought this through. In general I have to note that some of the coding techniques used in this contribution is pretty strange or awkward if you will. I like the idea of the contribution but execution is a bit shaky.

Share this post


Link to post
Share on other sites

Oh my oh my, the algorithms used in function runSitemonitor are really bad. Any site with more than a few hundred files will not be able to run this function because it most likely will time out with a server error. SiteMontior uses nested for loops, the same 3 times in a row! And the logic of file comparison is incorrect.

 

I think SiteMonitor would need a complete overhaul but I don't have the time to do this. But I will show what I did with runSitemonitor to make it lightning fast even for large sites and allow file comparison even if files where deleted (of course comparing those that are still there, not the deleted ones).

 

First you need to store refFiles in an associative array where the file name is the index rather than a numeric index. Once you have done that you can simply use array_key_exists() to check if the file is there and do your comparisons. And we fold the three loops into one. Here is the key part that I changed in runSitemonitor

 

/************** SEE IF THE FILE SIZES ARE DIFFERENT ****************/

/************** SEE IF THE TIMESTAMPS ARE DIFFERENT ****************/

/************** SEE IF THE PERMISSIONS ARE DIFFERENT ***************/

$msg .= "\nSIZE MISMATCH:\n";

$error = 0;

$msg_time = '';

$error_time = 0;

$msg_perm = '';

$error_perm = 0;

$size = count($files);

$refFiles = GetReferenceFilesAssoc($referenceFile); //reload for all checks below

 

for ($i = 0; $i < $size; ++$i)

{

if (array_key_exists($files[$i], $refFiles))

{

// check file size

$newSize = GetSize($files[$i]);

$oldSize = GetPart(SIZE - 1, $refFiles[$files[$i]]); // -1 because in associative version the first element is missing

if ($newSize != $oldSize)

{

$msg .= DisplayMessage($verbose, ('Difference found: New-> '. GetFileName($files[$i]) . ' '. $newSize . ' Original-> ' . $oldSize));

$logEntry['Size Changed'][] = $files[$i];

$error++;

$ttlErrors++;

}

 

// check timestamp

$r = @stat($files[$i]);

if ($r[9] != GetPart(TIME - 1, $refFiles[$files[$i]]))

{

$msg_time .= DisplayMessage($verbose, ('Time Mismatch on '. GetFileName($files[$i]). ' Last Changed on ' . gmstrftime ("%A, %d %b %Y %T %Z", $r[9])));

$logEntry['Time Changed'][] = $files[$i];

$error_time++;

$ttlErrors++;

}

 

// check permissions

$pCurrent = substr(sprintf('%o', @fileperms($files[$i])), -3);

$pLast = GetPart(PERM - 1, $refFiles[$files[$i]]);

if ($pCurrent != $pLast)

{

$msg_perm .= DisplayMessage($verbose, ('permissions Mismatch on '. GetFileName($files[$i]). ' Currently set to "' . $pCurrent . '" was set to "' . $pLast .'"'));

$logEntry['Permissions Change'][] = $files[$i];

$error_perm++;

$ttlErrors++;

}

}

}

if (! $error)

$msg .= DisplayMessage($verbose, 'No size differences found...');

$msg .= "\nTIME MISMATCH:\n" . $msg_time;

if (! $error_time)

$msg .= DisplayMessage($verbose, 'No time mismatches found...');

$msg .= "\nPERMISSIONS MISMATCH:\n" . $msg_perm;

if (! $error_perm)

$msg .= DisplayMessage($verbose, 'No permissions mismatches found...');

 

 

And GetReferenceFilesAssoc() is the same as GetReferenceFiles() but it has a little addition at the bottom where the associative array is built. Hope this helps others on larger sites. Again, the idea of SiteMonitor is brilliant, the programming is subpar and fails for larger websites.

 

function GetReferenceFilesAssoc($path) //use curl if possible to read in site information

{

global $username, $password, $admin_dir;

$lines = array();

 

if (! empty($admin_dir) && ! empty($username) && ! empty($password) && function_exists('curl_init'))

{

$path = $admin_dir . '/' . $path;

$ch = curl_init();

$timeout = 5; // set to zero for no timeout

curl_setopt ($ch, CURLOPT_URL, $path);

curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);

curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);

curl_setopt($ch, CURLOPT_USERPWD, $username.':'.$password);

$file_contents = curl_exec($ch);

curl_close($ch);

$lines = explode("\n", $file_contents);

}

else

{

$fd = fopen ($path, "r");

while (!feof ($fd))

{

$buffer = fgets($fd, 4096);

$lines[] = $buffer;

}

fclose ($fd);

}

 

if (empty($lines))

{

echo 'Failed to read Reference File';

exit;

}

 

$return_array = array();

for ($i=0; $i<count($lines); $i++) {

$pos = strpos($lines[$i], ",");

$return_array[substr($lines[$i], 0, $pos)] = substr($lines[$i], $pos+1);

}

return $return_array;

}

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×