Jack_mcs

SiteMonitor


What version of osC_Sec are you using Fred? If it's the latest, then replace the following code:

 

replace:


 # Set your own x-powered-by
 # or leave as is
 header( "X-Powered-By: osC_Sec" );

 

with:


 # Set your own x-powered-by
 # or leave as is
 # header( "X-Powered-By: osC_Sec" );



Thanks for the tip, I was using the latest.

 

I have just taken out os sec but still get

 

Error 403: Forbidden
Your PHP settings have been disabled by an H-Sphere administrator.
    Your current PHP configuration:
    This configuration was changed: Mon Dec 5 02:00:10 UTC 2011
Please bring your PHP configuration in compliance with admin settings or request your administrator to re-enable support of your settings.

 

I can only find 1 reference to

Notice: Constant HTTP_SERVER already defined in /hsphere/local/home/xxxxxxxx/xxxxxxxx.com/commerce/catalog/admin4AlBe/includes/configure.php on line 13

 

coopco made a reference to

 

"Methinks that you have to use the absolute path instead of the DOCUMENT_ROOT"

 

in http://forums.oscommerce.com/topic/326933-my-store-is-broken-please-help/page__view__findpost__p__1362012

 

But I can't see a fault.

 

Midnight here will look again tomorrow.

 

FF


But I can't see a fault.

 

Midnight here will look again tomorrow.

 

FF

See here.


I set up SiteMonitor on my site (cart v2.3.1) a couple weeks ago and it seems to work fine. I run it every morning but the other day (and today) when I ran it I got mismatched files in the includes/work/ folder shown below.

 

I can see it's a cache file but it's getting changed in the early morning hours.

 

Does anyone know if this is normal or not?

 

 

SIZE MISMATCH:

Difference found: New-> includes/work/rss_d9a966ba3c3261d2b4a0bddc2faa12ca.cache 7386 Original-> 4546

 

TIME MISMATCH:

Time Mismatch on includes/work/rss_86380e70026c8af52c338ac98e375a04.cache Last Changed on Friday, 09 Dec 2011 15:00:48 GMT
Time Mismatch on includes/work/rss_d9a966ba3c3261d2b4a0bddc2faa12ca.cache Last Changed on Friday, 09 Dec 2011 15:00:48 GMT

 

Thanks Rick


I set up SiteMonitor on my site (cart v2.3.1) a couple weeks ago and it seems to work fine. I run it every morning but the other day (and today) when I ran it I got mismatched files in the includes/work/ folder shown below.

 

I can see it's a cache file but it's getting changed in the early morning hours.

 

Does anyone know if this is normal or not?

The work directory is protected, or should be, and is used for temporary files so it should be OK to exclude that directory.
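
The reference-and-compare check behind a SIZE/TIME MISMATCH report, with the directory exclusion suggested in the reply above, as an added PHP example. It is not SiteMonitor's own code: the function names and the demo tree are constructed, and only the two file sizes are taken from the report.

```php
<?php
// Added example, not SiteMonitor code: reference snapshot + compare with excludes.

/** Map of relative path => [size, mtime] for every file under $root. */
function snapshot(string $root, array $excludeDirs = []): array
{
    $root = rtrim($root, '/\\');
    $out = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $f) {
        $rel = str_replace('\\', '/', substr($f->getPathname(), strlen($root) + 1));
        foreach ($excludeDirs as $dir) {
            if (strpos($rel, rtrim($dir, '/') . '/') === 0) {
                continue 2;              // inside an excluded directory
            }
        }
        $out[$rel] = [$f->getSize(), $f->getMTime()];
    }
    ksort($out);
    return $out;
}

/** Compare a stored reference with the current state. */
function compare(array $ref, array $now): array
{
    $r = ['new' => [], 'deleted' => [], 'size' => [], 'time' => []];
    foreach ($now as $p => [$size, $mtime]) {
        if (!isset($ref[$p]))            { $r['new'][] = $p; }
        elseif ($ref[$p][0] !== $size)   { $r['size'][] = $p; }
        elseif ($ref[$p][1] !== $mtime)  { $r['time'][] = $p; }
    }
    $r['deleted'] = array_keys(array_diff_key($ref, $now));
    return $r;
}

// Constructed demo tree; the cache file name is a sample.
$root = sys_get_temp_dir() . '/sm_demo_' . getmypid();
@mkdir("$root/includes/work", 0700, true);
file_put_contents("$root/index.php", "<?php // shop\n");
file_put_contents("$root/includes/work/rss_demo.cache", str_repeat('a', 4546));

$refAll  = snapshot($root);                        // reference without exclusions
$refExcl = snapshot($root, ['includes/work']);     // reference with the work dir excluded

// Simulate the RSS cache being rewritten between two runs.
file_put_contents("$root/includes/work/rss_demo.cache", str_repeat('b', 7386));
clearstatcache();

print_r(compare($refAll, snapshot($root))['size']);
print_r(compare($refExcl, snapshot($root, ['includes/work'])));
```

The exclusion has to be applied both when the reference is written and when it is compared; otherwise every file in the excluded directory shows up as new or deleted.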


A new version has been uploaded. It just corrects the file that wasn't updated previously so if your 3.0 version is working, there's no reason to download this one.


Will the new version fix this issue?

 

I have 2 domains running osC RC2 on a multi-domain hosting service. Site monitor V3.0 runs fine on one but on the other I get the following when trying to "Delete Reference File".

 

2006 - MySQL server has gone away
select count(*) as total from sessions where sesskey = '0d8e110e397489ad4ab552596153ff42'
[TEP STOP]

 

I have uploaded the files again in case one got corrupted during FTP (unlikely) but no change. Both sitemonitor_configure_0.txt and sitemonitor_db_reference.txt are set to 644.

 

The osC set up is near identical for both domains but the problem one has thousands more images. I have Automatic Thumbnail for osC installed and have emptied the thumbs_cache folder before running to reduce the number of files to process.


Jack

 

Downloaded the latest version last night and put it on a 2.3.1 site running under xampp.

 

Once I get a list of suspect files clicking on them used to display the file in a pop up.

 

Now it gives a link

 

		 <td class="smallText"><a class="smallText" style="color: rgb(102, 51, 255);" href="javascript:popupWindow('sitemonitor_popup.php?C:/Program Files/xampp_15/xampp/htdocs/231/gwtest/xxx/images/osh3.php')">gwtest/xxx/images/osh3.php</a></td>

 

When you click on it you get

 

Warning: file(C:/Program%20Files/xampp_15/xampp/htdocs/231/gwtest/yyy/images/osh3.php) [function.file]: failed to open stream: No such file or directory in C:\Program Files\xampp_15\xampp\htdocs\231\admin\sitemonitor_popup.php on line 13
Warning: Invalid argument supplied for foreach() in C:\Program Files\xampp_15\xampp\htdocs\231\admin\sitemonitor_popup.php on line 15

 

Used to work fine when earlier versions used on xampp on rc2a sites.

 

Any thoughts?

 

Thanks

 

G



Will the new version fix this issue?

 

I have 2 domains running osC RC2 on a multi-domain hosting service. Site monitor V3.0 runs fine on one but on the other I get the following when trying to "Delete Reference File".

 

2006 - MySQL server has gone away
select count(*) as total from sessions where sesskey = '0d8e110e397489ad4ab552596153ff42'
[TEP STOP]

 

I have uploaded the files again in case one got corrupted during FTP (unlikely) but no change. Both sitemonitor_configure_0.txt and sitemonitor_db_reference.txt are set to 644.

 

The osC set up is near identical for both domains but the problem one has thousands more images. I have Automatic Thumbnail for osC installed and have emptied the thumbs_cache folder before running to reduce the number of files to process.

That error is one that occurs when the database is not available. It can be caused by a number of things but in this one it seems you have an error in the sessions table. SiteMonitor doesn't use the database so it can't be due to it.


Jack

 

Downloaded the latest version last night and put it on a 2.3.1 site running under xampp.

 

Once I get a list of suspect files clicking on them used to display the file in a pop up.

 

Now it gives a link

 

		 <td class="smallText"><a class="smallText" style="color: rgb(102, 51, 255);" href="javascript:popupWindow('sitemonitor_popup.php?C:/Program Files/xampp_15/xampp/htdocs/231/gwtest/xxx/images/osh3.php')">gwtest/xxx/images/osh3.php</a></td>

 

When you click on it you get

 

Warning: file(C:/Program%20Files/xampp_15/xampp/htdocs/231/gwtest/yyy/images/osh3.php) [function.file]: failed to open stream: No such file or directory in C:\Program Files\xampp_15\xampp\htdocs\231\admin\sitemonitor_popup.php on line 13
Warning: Invalid argument supplied for foreach() in C:\Program Files\xampp_15\xampp\htdocs\231\admin\sitemonitor_popup.php on line 15

Where are you seeing the suspect files?


sitemonitor_admin.php

 

Checked 285 directories containing a total of 2549 files. Skipped 9336 files. 93 suspected hacked files found.



I set up a new install using the new version of site monitor on an osCommerce store. I did everything as directed but when I get to step 5 to configure in the administrator panel and click update I get a triangle error at the top of the screen. No message. Nothing advising what needs to be corrected. The only thing I see changing are in the 3 bottom boxes for excluding files. After I click update it removes all of the hyphens and commas. It's not updating and I can't get past this.


That error is one that occurs when the database is not available. It can be caused by a number of things but in this one it seems you have an error in the sessions table. SiteMonitor doesn't use the database so it can't be due to it.

Interesting.

 

I deleted the session using phpMyAdmin. I deleted all cookies for the domain from FireFox. Obviously I had to log in again then retried but still get the same error, albeit with a new session number.


sitemonitor_admin.php

 

Checked 285 directories containing a total of 2549 files. Skipped 9336 files. 93 suspected hacked files found.

I tested it here and it works as always. Plus, I searched the SiteMonitor files for "rgb," which you said was related to this, and that is not used in the code - anywhere. So it seems you have something changed in your installation that is causing the problem.


I set up a new install using the new version of site monitor on an osCommerce store. I did everything as directed but when I get to step 5 to configure in the administrator panel and click update I get a triangle error at the top of the screen. No message. Nothing advising what needs to be corrected. The only thing I see changing are in the 3 bottom boxes for excluding files. After I click update it removes all of the hyphens and commas. It's not updating and I can't get past this.

The triangle indicates a warning. If it is stopping there though, either you've made a mistake in the installation/setup or something on your server is preventing the code from working. If you have a file named error_log in your admin directory, read it to see what the last error is. If not, then you will need to ask your host to see what error is being reported. There's code you can add to the file to have it show the error but it may show many warnings and may confuse you more than help. But if your host refuses to help, I'll post the code here.


Interesting.

 

I deleted the session using phpMyAdmin. I deleted all cookies for the domain from FireFox. Obviously I had to log in again then retried but still get the same error, albeit with a new session number.

I can't think of anything in the code that would cause that. All I can suggest is that you try to exclude all directories and see if it runs. If it does, then add them back in one at a time until it fails and trace from there.


I tested it here and it works as always. Plus, I searched the SiteMonitor files for "rgb," which you said was related to this, and that is not used in the code - anywhere. So it seems you have something changed in your installation that is causing the problem.

 

I only wish I had changed something, vanilla install with only site monitor installed. When using view generated source in FF it gives

 

<td class="smallText"><a class="smallText" style="color: rgb(0, 0, 0);

 

Using view source

 

<td class="smallText" ><a class="smallText" style="color: #000" href="javascript:popupWindow('sitemonitor_popup.php

 

The php is

 

<td class="smallText" ><a class="smallText" style="color: <?php echo $color; ?>" href="javascript:popupWindow('sitemonitor_popup.php?<?php echo $hackedFiles[$i]['file'];?>')"><?php echo substr($hackedFiles[$i]['file'], strlen(DIR_FS_CATALOG)); ?></a></td>

 

and gives this using view source

 

					<tr>
					  <td class="smallText" width="14" align="center"> </td>

		 <td class="smallText" width="24">60</td>
		 <td class="smallText" ><a class="smallText" style="color: #ff0000" href="javascript:popupWindow('sitemonitor_popup.php?C:/Program Files/xampp_15/xampp/htdocs/231/gwtest/yyy/admin/includes/modules/newsletters/product_notification.php')">gwtest/yyy/admin/includes/modules/newsletters/product_notification.php</a></td>
		 <td class="smallText" width="14" align="center">eval</td>
		 <td class="smallText" width="14" align="center"> </td>
		 <td width="6" align="center"><input type="checkbox" name="exclude_64" value="on" id="exclude_64"></td>
		 <td width="6" align="center"><input type="checkbox" name="quaranteen_64" value="on" id="quaranteen_64"></td>
		</tr>

					<tr>
					  <td class="smallText" width="14" align="center"> </td>
		 <td class="smallText" width="24">0</td>
		 <td class="smallText" ><a class="smallText" style="color: #6633FF" href="javascript:popupWindow('sitemonitor_popup.php?C:/Program Files/xampp_15/xampp/htdocs/231/gwtest/yyy/images/osh3.php')">gwtest/yyy/images/osh3.php</a></td>
		 <td class="smallText" width="14" align="center"> </td>
		 <td class="smallText" width="14" align="center"> </td>
		 <td width="6" align="center"><input type="checkbox" name="exclude_65" value="on" id="exclude_65"></td>
		 <td width="6" align="center"><input type="checkbox" name="quaranteen_65" value="on" id="quaranteen_65"></td>

		</tr>

 

Could it be the spaces in "C:\Program File" or something to do with xampp/windows?

 

Can't see why as I have had earlier versions working on xampp/xp before

 

Cheers

 

G

Edited by geoffreywalton


 

I only wish I had changed something, vanilla install with only site monitor installed. When using view generated source in FF it gives

 

<td class="smallText"><a class="smallText" style="color: rgb(0, 0, 0);

Oh, viewing the source is a different matter and can be misleading. The code uses html color names, like sienna, so the browser is probably converting that to rgb. I've never looked at it but that is likely the case. As for the actual code, nothing was changed between 3.0 and 3.1 regarding the hacker test. If you used an earlier version than 3.0, there were some minor changes to that part of the code but nothing that should cause your problem, that I can think of. You could try installing whichever version you had working and then try the manual upload using the update files.
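
The warning quoted earlier in this exchange shows `file()` receiving the path with `%20` still in it. One way to build the link and resolve the path so that spaces survive, as an added example that is not part of either post and not SiteMonitor's code; the `file=` parameter, the function names and the premise that the popup reads the raw query string are assumptions, since sitemonitor_popup.php is not shown on the page.

```php
<?php
// Added example, not SiteMonitor code.

/** Link side: percent-encode the path so spaces, '&' and quotes survive the URL. */
function popup_href(string $file): string
{
    return 'sitemonitor_popup.php?file=' . rawurlencode($file);
}

/**
 * Popup side. $rawValue is the still-encoded value from $_SERVER['QUERY_STRING']
 * ($_GET values are already decoded and must not be decoded again).
 * Returns the resolved path, or null if the file is missing or outside $root.
 */
function resolve_popup_path(string $rawValue, string $root): ?string
{
    $path = realpath(rawurldecode($rawValue));
    $root = realpath($root);
    if ($path === false || $root === false || !is_file($path)) {
        return null;
    }
    // The trailing separator stops "/shop" from matching "/shop-old".
    if (strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a catalog root with a space in its name, like "Program Files".
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'Program Files demo';
@mkdir($root . DIRECTORY_SEPARATOR . 'images', 0700, true);
$file = $root . DIRECTORY_SEPARATOR . 'images' . DIRECTORY_SEPARATOR . 'osh3.php';
file_put_contents($file, "<?php // constructed sample\n");

$href = popup_href($file);
$raw  = substr($href, strpos($href, '=') + 1);   // the value as the server receives it

// 1. Using the encoded value directly as a path, as in the warning.
var_dump(is_file($raw));
// 2. Decoded and confined to the root.
var_dump(resolve_popup_path($raw, $root) === realpath($file));
// 3. An existing file outside the root (this script itself).
var_dump(resolve_popup_path(rawurlencode(__FILE__), $root));

foreach (file((string) resolve_popup_path($raw, $root)) as $n => $line) {
    // Escape on output so the suspect file is displayed as text, never rendered.
    echo ($n + 1) . ': ' . htmlspecialchars($line, ENT_QUOTES, 'UTF-8');
}
```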

I can't think of anything in the code that would cause that. All I can suggest is that you try to exclude all directories and see if it runs. If it does, then add them back in one at a time until it fails and trace from there.

Well spotted that man!

 

When I started the process you suggested I found a recent change I had forgotten - I had set monitoring to start at the root (seemed sensible) rather than the store. In the root I have a 'sandbox' store plus other private areas. It all adds up to 3-4 times an osC set of files. DoooH!

 

I will now start adding them back a bit at a time to see where it falls over.


In the directions you state the following:

 

If your shop is BEFORE version 2.3, add this anywhere before the last ?>

require(DIR_WS_BOXES . 'sitemonitor.php');

If your shop is AFTER version 2.3, add this before the first ?>

include(DIR_WS_BOXES . 'sitemonitor.php');

 

What do I do if my shop version is 2.3 ?


In the directions you state the following:

 

If your shop is BEFORE version 2.3, add this anywhere before the last ?>

require(DIR_WS_BOXES . 'sitemonitor.php');

If your shop is AFTER version 2.3, add this before the first ?>

include(DIR_WS_BOXES . 'sitemonitor.php');

 

What do I do if my shop version is 2.3 ?

Use the 2.3 instructions.


Anything I'm trying, I get this error

 

 

2006 - MySQL server has gone away

 

select last_update from admin_notes

 

[TEP STOP]

 

2006 - MySQL server has gone away

 

select count(*) as total from sessions where sesskey = 'hslkn459k0626mslu7k1tdjjk3'

 

[TEP STOP]

 

Anyone have an idea, please?
