Jack_mcs

SiteMonitor


Added the username and password but the problem persists.

There isn't a password involved for the normal run so you probably entered in the curl settings. You need to fill in the start directory setting and leave the curl settings alone. As mentioned previously in this thread, you should look at the path in admin->modules and make sure your start directory entry matches the first part of that. You should also pay attention to the error that displays at the top of the configure page, assuming there is one, since it shows the usernames if they are not the same.


If someone is able to hack into your site, they can alter your files to send them your customers' information. I've seen this happen several times, thus the genesis of this contribution. This contribution will create a record of your files so that they can be checked at a later date. If any files have been added or deleted, or the size, timestamp or permissions were changed, you are notified via email. The script can be run manually, but the best way is to set up a cron job so that the files are checked automatically.

 

The contribution can be found here.

 

Jack

 

Hi Jack

I love this contribution, it was very easy to install which I did after some monkey hacked my admin and set up an administrator account for himself dropped prices on items and then tried to buy them... pffff.

 

Anyway I've followed your instructions to the letter with regards to installation but when I click on Site Monitor in the admin panel I get the following error message at the top

 

the URL is >>>>>>>>>>>>>>> http://www.mysite.com.au/catalog/admin/sitemonitor_configure_setup.php?invalid_username=true

 

the message is>>>>>>>>>>> Your username is invalid. Please change it and try again.: System -> /smhhome/4-web/47/bf/mysite.com.au/public/www/catalog/ - SiteMonitor -> smhhome/4-web/47/bf/mysite.com.au/public/www/catalog/

 

I've tried changing user names and double checked the configuration file and permissions to make sure it's writing correctly but to no avail.

please help.

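The file record described in the announcement quoted above (size, timestamp and permissions per file, with added and deleted files reported) can be sketched as follows. This is an added example, not part of the thread and not SiteMonitor's code; the function names and the JSON round trip standing in for the stored reference file are assumptions.

```php
<?php
// Added example, not SiteMonitor's code. Function names and the JSON
// reference format are assumptions made for this illustration.
// Record size, mtime and permission bits for every file under $root.
function snapshot(string $root): array {
    $root = rtrim($root, '/');
    $files = [];
    $it = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS));
    foreach ($it as $info) {
        if (!$info->isFile()) { continue; }
        $rel = substr($info->getPathname(), strlen($root) + 1);
        $files[$rel] = [
            'size'  => $info->getSize(),
            'mtime' => $info->getMTime(),
            'perms' => substr(sprintf('%o', $info->getPerms()), -4),
        ];
    }
    return $files;
}

// Compare the stored reference with the current state of the tree.
function compare_snapshots(array $ref, array $now): array {
    $changed = [];
    foreach (array_intersect_key($now, $ref) as $path => $meta) {
        $diff = array_keys(array_diff_assoc($meta, $ref[$path]));
        if ($diff) {
            $changed[$path] = $diff; // which attributes differ
        }
    }
    return [
        'added'   => array_keys(array_diff_key($now, $ref)),
        'deleted' => array_keys(array_diff_key($ref, $now)),
        'changed' => $changed,
    ];
}

// Constructed demo: build a reference, alter the tree, compare.
$dir = sys_get_temp_dir() . '/sm_demo_' . uniqid();
mkdir($dir);
file_put_contents("$dir/index.php", '<?php echo "shop";');
file_put_contents("$dir/old.php", '<?php');
$ref = json_decode(json_encode(snapshot($dir)), true); // stored reference
file_put_contents("$dir/index.php", '<?php echo "shop"; // altered');
file_put_contents("$dir/new.php", '<?php');
unlink("$dir/old.php");
clearstatcache();
print_r(compare_snapshots($ref, snapshot($dir)));
array_map('unlink', glob("$dir/*")); rmdir($dir); // remove the demo tree
```

Every file uploaded after the reference was taken is reported under `added`, so the reference has to be rebuilt after each legitimate upload.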

Hello Jack,

 

Wonderful contribution. Seems to be good, but I have 3 error messages on the top

 

Error ERROR_ADMIN_NAME

Error ERROR_FILE_MANAGER

Error ERROR_IMAGES_NOT_PROTECTED

 

What can I do?


the message is>>>>>>>>>>> Your username is invalid. Please change it and try again.: System -> /smhhome/4-web/47/bf/mysite.com.au/public/www/catalog/ - SiteMonitor -> smhhome/4-web/47/bf/mysite.com.au/public/www/catalog/

They have to match. Yours don't. Copy your system path to SiteMonitor's start directory setting.


Hello Jack,

 

Wonderful contribution. Seems to be good, but I have 3 error messages on the top

 

Error ERROR_ADMIN_NAME

Error ERROR_FILE_MANAGER

Error ERROR_IMAGES_NOT_PROTECTED

 

What can I do?

Those are defined in the admin/includes/languages/english/sitemonitor_admin.php file. Be sure they are in there. If you are using a different language, then you have to copy that file to the other language directory.


I think sitemonitor_functions.php line 431 should be

 

if(is_dir($path."/".$file) && $file!="." && $file !="..")$size +=filesize($path."/".$file);


---------------------------------------------

Regards,

 

Snowbird


I think sitemonitor_functions.php line 431 should be

 

if(is_dir($path."/".$file) && $file!="." && $file !="..")$size +=filesize($path."/".$file);

Good catch. Actually, that whole GetSize function is not needed. It should be deleted and the two calls to it should be changed to use filesize instead of GetSize.


Jack_mcs,

 

You seem to be the most knowledgeable about osCommerce. I have a problem that you may be able to answer.

Someone hacked my site. I found all of the admin logins and, what I think is, most of the files. However, there was a main form that they seemed to be using. XML.PHP. Any idea what this hack is? It seemed to give them access to my file manager, but I'm not THAT good with PHP. There was a lot of other files as well, but this one showed up in several places. It was in the root, the CSS folder, and ETC.

 

Any help would be greatly appreciated. Thanks!

 

Jim


You seem to be the most knowledgeable about osCommerce. I have a problem that you may be able to answer.

Someone hacked my site. I found all of the admin logins and, what I think is, most of the files. However, there was a main form that they seemed to be using. XML.PHP. Any idea what this hack is? It seemed to give them access to my file manager, but I'm not THAT good with PHP. There was a lot of other files as well, but this one showed up in several places. It was in the root, the CSS folder, and ETC.

 

Any help would be greatly appreciated. Thanks!

This is the support thread for SiteMonitor and that question isn't to do with it so you will need to ask in the general forums. I will say though that if you have the file manager installed, first, SiteMonitor should have notified you of that, and second, it should not be installed. It is possible that that is how the hacker got in in the first place.


I just tried to install site monitor and I did everything in the directions but when I go to admin/sitemonitor/admin it says this in red at the top " Your username is invalid. Please change it and try again.: System -> /home/gogett9/public_html/ - SiteMonitor -> /home/username/public_html/"

What am I supposed to do here? I didn't see anything in the directions about this and am a little lost because I don't know very much about this kind of stuff... Just trying to get my site secure. Thanks!


I just tried to install site monitor and I did everything in the directions but when I go to admin/sitemonitor/admin it says this in red at the top " Your username is invalid. Please change it and try again.: System -> /home/gogett9/public_html/ - SiteMonitor -> /home/username/public_html/"

What am I supposed to do here? I didn't see anything in the directions about this and am a little lost because I don't know very much about this kind of stuff... Just trying to get my site secure. Thanks!

Step 5 says to set up the settings in the configure section. That message is showing that your SiteMonitor path doesn't match the system's path so it would appear you have not completed step 5.


I have the exact same problem, but don't know how to identify the right path. I tried the following:

 

/var/www/vhosts/domain.de/

/var/www/vhosts/domain.de/httpdocs/shop/admin/

 

I am on a vServer. What am I missing here?


Open Source Newsletter: PhPList

Open Source Questionnaire: Lime Survey


I have the exact same problem, but don't know how to identify the right path. I tried the following:

 

/var/www/vhosts/domain.de/

/var/www/vhosts/domain.de/httpdocs/shop/admin/

 

I am on a vServer. What am I missing here?

The correct path is displayed in the error on the configure page as system. Copy that into the start directory and click update.


Ok. I switched the paths and it worked. Thank you.

I am now getting the error "Your images directory is not protected by a .htaccess file." I did not realise that this would have to be done. Where would I find out how to do this?



Ok. I switched the paths and it worked. Thank you.

I am now getting the error "Your images directory is not protected by a .htaccess file." I did not realise that this would have to be done. Where would I find out how to do this?

It's part of protecting your shop. SiteMonitor is telling you there is a security problem and you should fix it. Download a copy of the oscommerce package and use the .htaccess file from its images directory.


Thank you for your reply even though this doesn't seem to be part of the site monitor. I was not aware that I had deleted anything from the images folder and when I checked the original zip file (oscommerce-2.2rc2a.zip) I could a .htaccess in the images folder. There is one in the root folder of the shop but it doesn't mention the images folder.

Would the htaccess be part of another add-on?



Thank you for your reply even though this doesn't seem to be part of the site monitor. I was not aware that I had deleted anything from the images folder and when I checked the original zip file (oscommerce-2.2rc2a.zip) I could a .htaccess in the images folder. There is one in the root folder of the shop but it doesn't mention the images folder.

Would the htaccess be part of another add-on?

No, it doesn't have anything to do with a contribution. It just wasn't included in previous releases of oscommerce but should have been.


I ran the first test and did the second. Half my website was moved into the quarantine folder. Obviously that's not the point. Should I disable the quarantine option?

PS: OK, where would I find the correct .htaccess file then?


I ran the first test and did the second. Half my website was moved into the quarantine folder. Obviously that's not the point. Should I disable the quarantine option?

The description for that option says any new files will be moved so having it set for a new install is not a good idea since they are all new. You should run without that option until you are sure everything is working. Then, if you want to use it, enable it, upload a new file and run it again (use the second or third update button) to see what happens. The quarantine option can be very useful but can also cause problems. Consider what happens if you have it set and then decide to upload a new version of your index.php file. That would be quarantined, thus breaking your shop. In that case, you need to be sure to create a new reference file after the upload.


Would this be the correct htaccess file?

http://addons.oscommerce.com/info/6066 ??

I've already responded with how to get the correct file.


Hello,

 

I just got site monitor working (I think) and when I go into "sitemonitor" within my admin it gives me this message at the top in red

 

" WARNING: Your admin name is admin. That should be changed.

WARNING: Your images directory is not protected by a .htaccess file."

 

How do I do these two things? If I change the name of my admin will it break anything? and sorry I don't know much about developing, so the .htaccess is new to me.

 

Thanks


I just got site monitor working (I think) and when I go into "sitemonitor" within my admin it gives me this message at the top in red

 

" WARNING: Your admin name is admin. That should be changed.

WARNING: Your images directory is not protected by a .htaccess file."

 

How do I do these two things? If I change the name of my admin will it break anything? and sorry I don't know much about developing, so the .htaccess is new to me.

For the admin change, ask in the general forum or search for how to do that. For the htaccess, just read recent posts.


The line numbers for the hackers file is one off due to the <?php line. If you go to the next line, it is probably the list of hacker codes the script is checking for.

 

The code reads in the files directly from the server. It can't find one if it isn't there. Are you sure you are looking in the correct images directory?

 

About: WARNING: Your images directory contains .php files but it should not.

Also found a php file in images directory, but after checking, I have no such file there ...

 

Well, the glob page says

Returns an array containing the matched files/directories, an empty array if no file matched or FALSE on error.

Note: On some systems it is impossible to distinguish between empty match and an error.

 

file: sitemonitor_admin.php

if (count(glob(DIR_FS_CATALOG . DIR_WS_IMAGES . '*.php'))) {
  $messageStack->add(ERROR_IMAGES_HAS_PHP, 'error');
}

If it's returning false, count() would count that as one value.

 

Here is my solution

file: sitemonitor_admin.php

Replace

if (count(glob(DIR_FS_CATALOG . DIR_WS_IMAGES . '*.php'))) {
  $messageStack->add(ERROR_IMAGES_HAS_PHP, 'error');
}

 

with

 

$phpdata = glob(DIR_FS_CATALOG . DIR_WS_IMAGES . '*.php');
if (empty($phpdata)) {
  $phpdata = 0;
} else {
  $messageStack->add(ERROR_IMAGES_HAS_PHP, 'error');
}

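The images-directory check discussed in the post above, written so that a failed directory scan is reported separately instead of being counted as a match or as a clean result. This is an added example, not part of the thread and not SiteMonitor's code; the function name, status strings and glob pattern are assumptions.

```php
<?php
// Added example, not SiteMonitor's code; the function name, return
// values and pattern are assumptions made for this illustration.

// Returns ['status' => 'clean'|'found'|'scan_failed', 'files' => [...]].
function check_images_for_php(string $imagesDir): array {
    $imagesDir = rtrim($imagesDir, '/') . '/';
    // glob() may not distinguish "no match" from "error", so test the
    // directory first instead of relying on the return value alone.
    if (!is_dir($imagesDir) || !is_readable($imagesDir)) {
        return ['status' => 'scan_failed', 'files' => []];
    }
    // Bracket classes also match upload.PHP or upload.Php, which a
    // plain '*.php' pattern misses on case-sensitive file systems.
    $matches = glob($imagesDir . '*.[pP][hH][pP]');
    if ($matches === false) {
        return ['status' => 'scan_failed', 'files' => []];
    }
    return ['status' => $matches ? 'found' : 'clean', 'files' => $matches];
}

// Constructed demo: a directory with only an image, then with an
// upper-case script added, then a directory that does not exist.
$dir = sys_get_temp_dir() . '/images_demo_' . uniqid();
mkdir($dir);
touch("$dir/logo.gif");
echo check_images_for_php($dir)['status'], "\n";
touch("$dir/upload.PHP");
echo check_images_for_php($dir)['status'], "\n";
echo check_images_for_php("$dir/missing")['status'], "\n";
array_map('unlink', glob("$dir/*"));
rmdir($dir);
```

The replacement posted above uses `empty()`, which treats a `false` return the same as an empty array, so an unreadable images directory would show no warning at all; the three-state result keeps that case visible.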
Would this be the correct htaccess file?

http://addons.oscommerce.com/info/6066 ??

 

I've already responded with how to get the correct file.

Sorry I must have missed it. English is not my first language :(

I found the .htaccess file in the current release of oscommerce. Thank you!

