Latest News: (loading..)
Jack_mcs

SiteMonitor

2,173 posts in this topic

A new version has been uploaded with the following changes:

 

- Added a link to quickly delete the reference an db reference files.

- Added code to check for the existence of an .htaccess file in the includes directory.

- Explanded startup file checking code to check for six types instead of two in the images directory.

- Changed hacker test to skip certain legitimate cases where eval is part of the name. Removes a lot false results from the test.

- Changed initial file checking for the images directory so empty entries are ignored.

- Corrected mistake in 2.9 -> 3.0 update instructions found by user razeryokes.

- Corrected messageStack code in sitemonitor_admin.php.

- Fixed log code. It wasn't truncating logs correctly.

Share this post


Link to post
Share on other sites

I just installed the latest version 3.2 on an RC2A instance. The Delete Reference File worked without error. The Execute Sitemonitor had 2 differences which are expected. But when I run the Manually Execute Sitemonitor, the following error occurs:

 

Warning: opendir(/home/username/public_html) [function.opendir]: failed to open dir: No such file or directory in /home/content/l/e/l/xxxxxxx/html/xxxxx/includes/functions/sitemonitor_functions.php on line 364

 

Not sure why it's not picking up the correct start directory? When I go back into Configure everything appears to be correct. When I open the sitemonitor_configure_0.txt file it still contains the defaults. Where is the configuration information stored?

Share this post


Link to post
Share on other sites

Never mind... it appears that I had FILENAME_SITEMONITOR_CONFIGURE set to .PHP instead of .TXT. Everything is working fine. Nice product :)

Share this post


Link to post
Share on other sites

Hi Jack,

 

I'm using your great contrib, but unfortunatelly my provider has disabled mail function for security reasons. Is there a way to use other mail contribs? I'm using PHPMailer Class in the store...

 

Thanks

Share this post


Link to post
Share on other sites

I'm using your great contrib, but unfortunatelly my provider has disabled mail function for security reasons. Is there a way to use other mail contribs? I'm using PHPMailer Class in the store...

Yes, but it isn't something I offer support for. But one would normally only have to include the class file, create an instance of the class and change the tep_mail line in the code to get it to work, assuming the email class you have installed is working correctly. If email is disables then the change must have been made to your checkout_process.php file or your customers would not receive emails. So you can check there to see how it is done.

 

--> Stepping up on soapbox

In my opinion, it is nonsense for a host to do that. I suspect what happened was that they were getting bombarded with emails sent from hackers using the tell a friend and other form pages and instead of having the sites on the server fix the problem, they just turned it off. I'm always of the opinion that if you have to change your sites basic functions to work with a particular host, then you should switch hosts.

--> Rant completed :)

Share this post


Link to post
Share on other sites

Thanks Jack,

I'll have a look...

 

I'm just a bit confused about the change to do in tep_mail line, because I can't find any tep_mail being used in your contribution. There is although a mail line around line 1169 in the file sitemonitor_functions.php:

   if ($ttlErrors || $always_email) {
    mail($to, 'Site Monitor Results', $msg, $from);
    if ($verbose)
	    echo 'Email sent to shop owner.' .'<br>';
   }

 

Unless you are talking about other tep_mail line...

Share this post


Link to post
Share on other sites

Hi again Jack,

 

I managed to use PHPmailer class to send the emails.

For other people using the same contrib (http://addons.oscommerce.com/info/7226), here is what I changed on admin/includes/functions/sitemonitor_functions.php:

Find:

if ($ttlErrors || $always_email) {
		mail($to, 'Site Monitor Results', $msg, $from);
		if ($verbose)
				echo 'Email sent to shop owner.' .'<br>';
}

Replace by:

if ($ttlErrors || $always_email) {
	  // include server parameters
	  require('includes/configure.php');
	  $server=DB_SERVER;			  # host name of server running MySQL
	  $user=DB_SERVER_USERNAME;	   # existing login username for mysql
	  $password=DB_SERVER_PASSWORD; # login password for mysql username
	  $dbname=DB_DATABASE;			# name of existing database to use
	  // Connect to database and get all config values.
	  $config_values="";
	  $dbconn=@mysql_connect($server,$user,$password) or http_headers('','Error,Database Connection');
	  @mysql_select_db($dbname,$dbconn) or http_headers('','Error,Database Connection');
	  $sql="select configuration_key as cfgKey, configuration_value as cfgValue from configuration where configuration_group_id='12' or configuration_group_id='1'";
	  $result=@mysql_query($sql,$dbconn) or http_headers('','Error,Database Connection');
	  while ($row = @mysql_fetch_array($result)) {
		if ($row['cfgKey'] != "LAST_HASH") $config_values.=$row['cfgKey'].'='.$row['cfgValue'];  // To be fed to hashing function.
		  define($row['cfgKey'], $row['cfgValue']);
	  }
	if(EMAIL_USE_PHPMAILER == 'true')
	{
	  require(DIR_WS_FUNCTIONS . 'general.php');
	  require_once(DIR_WS_CLASSES . 'phpmailer/class.phpmailer.php');
	  tep_mail($to, $to, 'Site Monitor Results' . ' - ' . STORE_NAME, $msg, $from, $from);
	}
	else {
	  mail($to, 'Site Monitor Results', $msg, $from);
	}
	if ($verbose)
		echo 'Email sent to shop owner.' .'<br>';
}

 

I had also the change the $from string in the sitemonitor_configure_0.txt (as for other instances if they exist) from:

$from = 'From: some_address@your_domain.com'; //where email is sent from

to:

$from = 'some_address@your_domain.com'; //where email is sent from

as I got an error saying:

Invalid address: From: some_address@your_domain.com

Of course I changed some_address@your_domain.com to my real email address...

This last change can also be performed on sitemonitor_functions.php for any new configuration files to be created using the right string.

 

Enjoy!

Share this post


Link to post
Share on other sites

Jack, in a 2.3.1 shop in Sitemonitor V3.2>Admin>Manually Execute Sitemonitor, after clicking the update button I get this:

 

 

Warning: mktime() [function.mktime]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /home/myname/public_html/myshopsadmin/includes/functions/sitemonitor_functions.php on line 296

 

This only occur with php 5.3.13; when I toggle the shop over to php version 5.2 the warning is not there.

 

I have this:

 

// set default store time zone

 

ini_set('date.timezone', 'America/New_York');

 

in the shops application_top.php file.

 

Any ideas on this?

 

Thanks

Edited by altoid

Share this post


Link to post
Share on other sites

Jack, in a 2.3.1 shop in Sitemonitor V3.2>Admin>Manually Execute Sitemonitor, after clicking the update button I get this:

 

This only occur with php 5.3.13; when I toggle the shop over to php version 5.2 the warning is not there.

I have this:

 

in the shops application_top.php file.

As far as I know, it should only show such a failure if the date is not present, which is should never be in this case, or if a certain argument is used in that function, which it isn't, so I don't know why it is showing the error. You can try two tihngs to remove it though:

 

- In the sitemonitor_functions.php file, find mktime and change it to @mktime.

 

- Add this to the top of the function that call is in or at the top of the sitemonitor_admin.php file (after the includes application_top line

date_default_timezone_set("America/New_York");

Share this post


Link to post
Share on other sites

I install the contr. as far as i can ( I am really not good in this kind of things)

And I can not bring it to run.

 

I am getting this message:

 

Warning: fopen(/typo24.gr/catalog/admin/sitemonitor_configure_0.txt) [function.fopen]: failed to open stream: No such file or directory in /usr/www/users/myserver/mysite/catalog/admin/includes/functions/sitemonitor_functions.php on line 779

Failed to open file /mysite/catalog/admin/sitemonitor_configure_0.txt

Warning: fclose() expects parameter 1 to be resource, boolean given in /usr/www/users/myserver/mysite/catalog/admin/includes/functions/sitemonitor_functions.php on line 783

 

What has this meaning?

Share this post


Link to post
Share on other sites

Hi Jack,

 

I noticed that on the browser you can open the site monitor text files (sitemonitor_configure_0.txt, sitemonitor_db_reference.txt, etc), and you can also show the text logs from the directory sitemonitor_logs. Shouldn't these files be protected by .htaccess?

 

Regards

Share this post


Link to post
Share on other sites

I am getting this message:

 

Warning: fopen(/typo24.gr/catalog/admin/sitemonitor_configure_0.txt) [function.fopen]: failed to open stream: No such file or directory What has this meaning?

Did you upload all of the files in the package to the correct location on your server? Did you go to the configure section of SiteMonitor and click update to save teh settings?

Share this post


Link to post
Share on other sites

Hi Jack,

 

I noticed that on the browser you can open the site monitor text files (sitemonitor_configure_0.txt, sitemonitor_db_reference.txt, etc), and you can also show the text logs from the directory sitemonitor_logs. Shouldn't these files be protected by .htaccess?

 

Regards

They are in your admin, or should be, which is already protected, or should be.

Share this post


Link to post
Share on other sites

They are in your admin, or should be, which is already protected, or should be.

Mine is not protected by .htpassdw, otherwise I can not configure cron tab (I use a web cron tab as my provider does not allow me to have crontab jobs).

I believe this will happen to lot's of people.

Share this post


Link to post
Share on other sites

Mine is not protected by .htpassdw, otherwise I can not configure cron tab (I use a web cron tab as my provider does not allow me to have crontab jobs).

I believe this will happen to lot's of people.

No, that is not very common. I suggest you find a host that allows using oscommerce properly since it isn't a question of if your site will be hacked, just when it will be.

Share this post


Link to post
Share on other sites

- In the sitemonitor_functions.php file, find mktime and change it to @mktime.

 

Jack, the change to @mktime took care of that warning generated when running php v 5.3.

 

Another thing I notice when running the same process in php v 5.3.13, I am getting this

 

No new files found...

No deleted files found...

No size differences found...

Time Mismatch on myshopsadmin/session_mm_cgi-fcgi503.sem Last Changed on Friday, 13 Jul 2012 01:19:34 GMT

No permissions mismatches found...

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sitemonitor (0) ran on July 12, 2012, 9:19 pm

Total mismatches found were 1

Total files being monitored is 2537

Email sent to shop owner.

 

When I delete the reference file, this file appears every time, with an updated time mismatch.

 

This only occurs with php 5.3; toggling back to 5.2, this output does not occur.

 

Thanks

Share this post


Link to post
Share on other sites

I haven't seen a failure like that before so I don't have an answer for it. But you might want to look at the entry for that file in the reference file. Maybe something is causing it to be recorded incorrectly which in turns causes the script to fail.

Share this post


Link to post
Share on other sites

I haven't seen a failure like that before so I don't have an answer for it. But you might want to look at the entry for that file in the reference file. Maybe something is causing it to be recorded incorrectly which in turns causes the script to fail.

 

Here's what's in the reference file:

 

/home/myname/public_html/myshopsadmin/session_mm_cgi-fcgi503.sem,0,1342142476,600

 

What is that file anyway, I don't see it browsing the shop via my ftp client or the cPanel file manager?

Share this post


Link to post
Share on other sites

Here's what's in the reference file:

 

/home/myname/public_html/myshopsadmin/session_mm_cgi-fcgi503.sem,0,1342142476,600

 

What is that file anyway, I don't see it browsing the shop via my ftp client or the cPanel file manager?

According to http://filext @ com/file-extension/SEM, it is a file used by a design company. If you don't need it for your site, it should be deleted. If possible, out of curiosity, you could copy/rename some common file, like privacy.php, to privacy.sem to see if it is the filetype that is causing a failure.

Share this post


Link to post
Share on other sites

According to http://filext @ com/file-extension/SEM, it is a file used by a design company. If you don't need it for your site, it should be deleted. If possible, out of curiosity, you could copy/rename some common file, like privacy.php, to privacy.sem to see if it is the filetype that is causing a failure.

 

I'll check into this with my host. I've not used a design company but I wouldn't be surprised this file is there because of some of the design support they offer. Or something like that. I'll get back with what I find out and see if what you recommended takes care of this.

 

Thanks

Share this post


Link to post
Share on other sites

I'll check into this with my host. I've not used a design company but I wouldn't be surprised this file is there because of some of the design support they offer. Or something like that. I'll get back with what I find out and see if what you recommended takes care of this.

 

Thanks

 

well that went more quickly than i expected...here's what the host support guy says about that file...

 

 

The file is a session file created by the FastCGI software.

on our VPS accounts we recommend FastCGi, coupled with APC. APC is a caching/snapshot software and FastCGI is a faster handler of CGI/Perl files.

They may update continually, delete and recreate (creating snapshots of the website).

I have confirmed that they are a part of APC's snapshot/caching functions.

APC and FastCGI integrate with PHP to cache the site and improve performance.

 

 

So the support guy recommends not doing anything with it as per above. Which I guess is the best thing to do.

 

Interesting that running Site Monitor on 5.3 picks this up but doesn't when running 5.2

 

Would it be worth considering code in Site Monitor to ignore this file? Right now the only way I think I could avoid it is to exclude all my "admin" folders and files consider this is showing to reside right under the admin side of things.

Share this post


Link to post
Share on other sites

well that went more quickly than i expected...here's what the host support guy says about that file...

 

 

 

 

So the support guy recommends not doing anything with it as per above. Which I guess is the best thing to do.

 

Interesting that running Site Monitor on 5.3 picks this up but doesn't when running 5.2

 

Would it be worth considering code in Site Monitor to ignore this file? Right now the only way I think I could avoid it is to exclude all my "admin" folders and files consider this is showing to reside right under the admin side of things.

Yes, it doesn't sound like it is anything to worry about so you might want to exclude it. There is code in the functions file where you can add it to the list to exclude.

Share this post


Link to post
Share on other sites

Yes, it doesn't sound like it is anything to worry about so you might want to exclude it. There is code in the functions file where you can add it to the list to exclude.

thanks, I'll take a look

Share this post


Link to post
Share on other sites

Hi Jack,

 

I can't setup the server cron job.

I followed your instructions, if I use the method

php /home/username/public_html/catalog/admin/sitemonitor.php X

the instance provided in x is ignored and instance 0 is always run.

 

If I use the 2nd method,

php /home/username/public_html/catalog/admin/sitemonitor.php?instance=X

I get an error saying

Status: 404 Not Found
X-Powered-By: PHP/5.3.13
Content-type: text/html
No input file specified.

 

Is there another way to run it? Or am I doing something wrong?

Share this post


Link to post
Share on other sites

I can't setup the server cron job.

I followed your instructions, if I use the method

[/code]

 

Is there another way to run it? Or am I doing something wrong?

Cron syntax can vary with the host so you need to ask yours to find out what will work on their server.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now