Jump to content
Jack_mcs

SiteMonitor

Recommended Posts

Hi, A CRON related request but I am not sure if it belongs here or on a completely different forum about server management.

 

I have successfully installed/configured this on 2 domains on the same hosting account. I have set up 2 CRON jobs that run once a day.

 

One of my stores now has such a huge number of images that I am encountering time-outs. I have tested running two configs. One for the main osC excluding images, the other for images only. Works like a charm.

 

Now my problem - I am limited to 2 CRON jobs only. Splitting one domain as above means I want to run three CRON jobs. I am thinking of putting the commands into a script file and just running the script as a single CRON job.

/home/www/domain1.com/shop/admin/sitemonitor.php 0
/home/www/domain2.com/shop/admin/sitemonitor.php 0
/home/www/domain2.com/shop/admin/sitemonitor.php 1

 

I have 2 questions;

  1. Is this viable?
  2. Is there a way of adding a delay between the execution of each line?

If not appropriate here, could you recommend a suitable forum?

 

P.S. I can't thank you enough for the peace of mind this brings me each morning. Occasionally the lesser important domain gets a .php file dumped in the images folder but that is protected by a run block in .htaccess so I just delete it. This contribution alone has reduced my stress/worry level no end.

Share this post


Link to post
Share on other sites

 

Now my problem - I am limited to 2 CRON jobs only. Splitting one domain as above means I want to run three CRON jobs. I am thinking of putting the commands into a script file and just running the script as a single CRON job.

 

I have 2 questions;

  1. Is this viable?
  2. Is there a way of adding a delay between the execution of each line?

P.S. I can't thank you enough for the peace of mind this brings me each morning. Occasionally the lesser important domain gets a .php file dumped in the images folder but that is protected by a run block in .htaccess so I just delete it. This contribution alone has reduced my stress/worry level no end.

I'm pleased to here it has helped you and I appreciate you mentioning it.

 

As far as cron, you can't run a script of cron jobs from a control panel. At least, I've never seen a way. I seem to recall reading something about to that by using the shell to connect to crontab, but i don't know where I saw it. I'm sure, if it is possible, it is on the web somewhere. But you may want to ask your host first.

Share this post


Link to post
Share on other sites

Why is it that the simple things in life often turn out to be complicated?

 

Taking your advice above I decided to write a simple .php file for CRON to run. The file, in theory, runs each config in turn.

<?php
/*
 $Id: sitemonitor-CRON.php,v 1.0 31-07-2112 by Paul
 Purpose - Run runSitemonitor function twice, once for each config, with delay between
*/
 require('includes/functions/sitemonitor_functions.php');
 echo "Setting variables for config 0";
 $instance = '0';
 $logFile = 'sitemonitor_log' . '_' . $instance . '.txt';
 $referenceFile = 'sitemonitor_reference' . '_' . $instance . '.txt';
 echo "RUNNING config 0";
 runSitemonitor($referenceFile, $logFile, $verbose);
 echo "Sleep";
 sleep(60);
 echo "Setting variables for config 1";
 $instance = '1';
 $logFile = 'sitemonitor_log' . '_' . $instance . '.txt';
 $referenceFile = 'sitemonitor_reference' . '_' . $instance . '.txt';
 echo "RUNNING config 1";
 runSitemonitor($referenceFile, $logFile, $verbose);
 echo "FINISHED";
?>

The echo statements are purely for debugging.

 

After uploading I entered the URL in the browser expecting to see the echo lines appear one at a time. The page blanked and eventually came back with

Setting variables for config 0RUNNING config 0SleepSetting variables for config 1RUNNING config 1FINISHED

I checked the logs but nothing was updated. I did not get either of the expected emails.

 

Am I missing something obvious?

 

As this is a bit off topic I do not mind if you do not wish to deal with this.

Share this post


Link to post
Share on other sites

Hi

 

I'm having a problem :/

 

whenever I make ANY change to anything in the config or admin, Like change a value or click update, or click any button from the admin page, I get the following:

 

Forbidden

 

You do not have permission to access this document.

 

 

Then, I think it crashes the server, because I cant access any page on the site (admin or catalog).. I cant even access my server via FTP.

 

Any ideas?

Share this post


Link to post
Share on other sites

Why is it that the simple things in life often turn out to be complicated?

 

Taking your advice above I decided to write a simple .php file for CRON to run. The file, in theory, runs each config in turn.

 

After uploading I entered the URL in the browser expecting to see the echo lines appear one at a time. The page blanked and eventually came back with

 

I checked the logs but nothing was updated. I did not get either of the expected emails.

 

Am I missing something obvious?

Looks like you're missing the rerequire('sitemonitor_configure... statement.

Share this post


Link to post
Share on other sites

Hi

 

I'm having a problem :/

 

whenever I make ANY change to anything in the config or admin, Like change a value or click update, or click any button from the admin page, I get the following:

 

Then, I think it crashes the server, because I cant access any page on the site (admin or catalog).. I cant even access my server via FTP.

 

Any ideas?

It's not clear to me if you are saying admin (as in the shop's admin) or Admin (as in Sitemonitor->Admin) but, in either case, it sounds like you may have some contribution installed that prevents access or maybe there is a server setting that is causing the problem. If this only started with the installation of this contribution, then it is probably the latter and you should have your host take a look at it.

Share this post


Link to post
Share on other sites

Looks like you're missing the rerequire('sitemonitor_configure... statement.

Thank you for that. All working nicely now.

 

In case anyone else wants a working copy.

<?php
/*
 $Id: sitemonitor-CRON.php,v 1.0 31-07-2112 by Paul
 Purpose - Run runSitemonitor function twice, once for each config, with delay between
*/
 require('includes/functions/sitemonitor_functions.php');
 echo "Setting variables for config 0";
 $instance = '0';
 $logFile = 'sitemonitor_log' . '_' . $instance . '.txt';
 $referenceFile = 'sitemonitor_reference' . '_' . $instance . '.txt';
 echo "RUNNING config 0";
 require('sitemonitor_configure' . '_' . $instance  . '.txt');
 runSitemonitor($referenceFile, $logFile, $verbose);
 echo "Sleep";
 sleep(60);
 require('sitemonitor_configure_1.txt');
 echo "Setting variables for config 1";
 $instance = '1';
 $logFile = 'sitemonitor_log' . '_' . $instance . '.txt';
 $referenceFile = 'sitemonitor_reference' . '_' . $instance . '.txt';
 echo "RUNNING config 1";
 require('sitemonitor_configure' . '_' . $instance  . '.txt');
 runSitemonitor($referenceFile, $logFile, $verbose);
 echo "FINISHED";
?>

The results are emailed as per ususal.

 

I would recommend removing or commenting out the debugging echo lines once you have tested it.

Share this post


Link to post
Share on other sites

As I have previously stated, this is one of the best 'peace of mind' contributions I have running.

 

Unfortunately one of my less important domains is regularly hit by script kiddies dropping PHP files and other into the store/images folder. I confess that I do not have all available security addons installed but have changed every password including FTP and SSH without success. Without Site Monitor running as a CRON job I could have a lot of problems.

 

Cleaning up after the nuisances was a pain! I eventualy tired of FTP deleting the junk so slowly eveolved the following that may be of use to anyone in a similar situation.

 

I added a .htaccess file in the store/images folder to block running the files. That blocks anything other than dropping the file there in the first place. DO THIS even if you do nothing else below.

 

I then created (from Googling a lot of PHP forums etc.) a method of deleting the offending files. Once proven to work I cleaned it up and added it to whos_online.php which I always have loaded. It is fast and with whos_online.php refreshing at 30 second intervals should mean that any script kiddy is unable to run anything from the store/images folder so should give up quite quickly.

 

How to install.

 

Create a .htaccess file in the store/images folder containing the following

# $Id$
#
# This is used to restrict access to this folder to anything other
# than images
# Prevents any script files from being accessed from the images folder
<FilesMatch "\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$">
  Order Deny,Allow
  Deny from all
</FilesMatch>

 

Create a clean-images.php file in store/admin/includes/functions containing the following

<?php
/*
 $Id: clean-images.php 10-09-2012
 Paul Gwilliam
*/
 function clean_images($mask) {
$files = glob($mask);
 if(count($files) > 0){
   foreach (glob($mask) as $filename){
	 if (file_exists($filename)){
	   echo "<p><b>$filename</b> size " . filesize($filename) . " Date/Time " . date ("d-m-Y H:i:s.", filemtime($filename)) . "</p>";
	   fclose($filename);
	   chmod($filename, 0666);
		 $do = unlink($filename);
		 if($do=="1"){ echo "<p><font color=#00ff00>The file was deleted successfully.</font></p><p><hr></p>"; }
		  else { echo "<p><font color=#ff0000>There was an error trying to delete the file.</font></p><p><hr></p>"; }}
	 else {
	   echo "<p>****** The file $filename does not exist ****** </p>";
	   }
	 }
   }
   else
   {
   echo "<p><font color=#00ff00>****** No " . $mask . " files found to delete ******</font></p>";
   }
 }
$mask=""
?>

Now open your store/admin/whos_online.php and look for

				  </table>
				</td>
<?php
 $heading = array();
 $contents = array();
 $heading[] = array('text' => '<b>' . TABLE_HEADING_SHOPPING_CART . '</b>');

Add the following before the </table>

					<tr>
					  <td class="smallText" colspan="9">
						<?php
						// Begin Clean Images Folder (uses includes/functions/clean-images.php)
						$path_to_file = "../images";
						chdir($path_to_file);
						$mask = "*.php";
						clean_images($mask);
						$mask = "*.cgi";
						clean_images($mask);
						$mask = "*.pl";
						clean_images($mask);
						$mask = "*.html";
						clean_images($mask);
						$mask = "*.shtml";
						clean_images($mask);
						$path_to_file = "../admin";
						chdir($path_to_file);
						// End Clean Images Folder
						?>
					  </td>
					</tr>

This can easily be modified to add other file types if desired.

 

If you have found the correct placing it should add the output just after the section that informs you of your IP address.

 

Test it by FTPing a few PHP or other files into your store/images folder.

 

Suggestions on how to block the offending files being added in the first place would be welcom by PM as I do not wish to clutter this thread with irrelevant chatter.

Share this post


Link to post
Share on other sites

Hi, I am unable to upload the sitemonitor_functions.php file. Everything else were uploaded fine, but not this one. Does anyone else has the same problem? Called my host and they said the file may be corrupt. Tried creating a new file and copied content over; no use. Please help!

Share this post


Link to post
Share on other sites

Hi, I am unable to upload the sitemonitor_functions.php file. Everything else were uploaded fine, but not this one. Does anyone else has the same problem? Called my host and they said the file may be corrupt. Tried creating a new file and copied content over; no use. Please help!

No, there's nothing in the contribution that would cause the upload to fail. Your server software may be detecting it as a virus or the functions directory may be protected from such changes. Either way, this is a server issue. I suggest you send the file to your host and ask them to try uploading it,

Share this post


Link to post
Share on other sites

Can anyone help with a script problem?

 

I have set up cron jobs to run sitemonitor.php (permisiions set to 744) for each domain daily. The report is emailed to me. Today the reports contained a list of files as below.

Found a new file named shop/admin/fckeditor/editor/css/index.php
Found a new file named shop/admin/includes/boxes/index.php
Found a new file named shop/admin/includes/local/index.php
Found a new file named shop/googlesitemap/Google-XML-Sitemap-Feed/index.php
Found a new file named shop/googlesitemap/media/index.php
Found a new file named shop/images/default/index.php
Found a new file named shop/images/infobox/index.php
Found a new file named shop/includes/local/index.php

This was going to take a while to delete manually using FileZilla so I decided to write a script as follows.

rm /home/www/<mydomain>/shop/admin/includes/boxes/index.php
rm /home/www/<mydomain>/shop/admin/includes/functions/index.php
rm /home/www/<mydomain>/shop/admin/includes/languages/english/modules/index.php
rm /home/www/<mydomain>/shop/admin/sitemonitor_log_022_12_2012.txt
rm /home/www/<mydomain>/shop/admin/sitemonitor_log_023_12_2012.txt
rm /home/www/<mydomain>/shop/admin/sitemonitor_log_024_12_2012.txt
rm /home/www/<mydomain>/shop/admin/sitemonitor_log_025_12_2012.txt
rm /home/www/<mydomain>/shop/admin/sitemonitor_log_026_12_2012.txt
rm /home/www/<mydomain>/shop/admin/sitemonitor_log_027_12_2012.txt
rm /home/www/<mydomain>/shop/Images/Seed and Bugle/Mixed/index.php
rm /home/www/<mydomain>/shop/webim/js/source/index.php

Unfortunately each line returned an error as follows

rm: cannot remove `/home/www/<mydomain>/shop/admin/fckeditor/editor/_source/internals/index.php\r': No such file or directory

I had used ConTEXT as the editor which has never caused issues before yet running the script appears to have appended \r to each line. I viewed it in vi and could see no odd characters so believe it is 'clean'.

 

Any ideas?

Share this post


Link to post
Share on other sites

have installed this on 2.3.1

 

i get to the configure page and click update,

 

its then given me a 'No access permitted to this document'

 

and seems to have crashed/ barred me not only from the site but the server also. cant even access via ftp to reverse this contribution.

 

any ideas on this ? help please :(

Edited by benny2012

Share this post


Link to post
Share on other sites

This was going to take a while to delete manually using FileZilla so I decided to write a script as follows.

 

rm: cannot remove `/home/www/<mydomain>/shop/admin/fckeditor/editor/_source/internals/index.php\r': No such file or directory

 

Any ideas?

The error is saying it can't find the location. The code you mention doesn't list that location so I'm guessing there is more than what you showed. You should check that location on the server to be sure it actually exists. But the easier way to remove the files is to run the hacker test, find those files and check the delete box. When you click on update they will all be removed.

Share this post


Link to post
Share on other sites

have installed this on 2.3.1

 

i get to the configure page and click update,

 

its then given me a 'No access permitted to this document'

 

and seems to have crashed/ barred me not only from the site but the server also. cant even access via ftp to reverse this contribution.

 

any ideas on this ? help please :(

I can't imagine how it would crash the site since it only affects files in admin and the database isn't touched. My guess is that the server or some other addon you have installed has blocked you or your browsers cache is hung-up. Try opening the site in another browser and see if that helps. As for the original problem, it may be that the settings on the server won't allow changes that SiteMonitor is trying to make. Many hosts will adjust that if you ask them though. So I suggest getting your site working again and then if the problem with SiteMonitor still exists, contact your host to have them look at it.

Share this post


Link to post
Share on other sites

well the contribution was deemed a php injection atack by my host/server.

 

had to remove the rule, just to gain access.

 

even with the rule turned off. it still gives me no permission message as above.

 

iv checked permissions on the file and it ok, so no idea why i cant update the config

 

iv uninstalled it for now until some answers :) many thanks in advance

Edited by benny2012

Share this post


Link to post
Share on other sites

well the contribution was deemed a php injection atack by my host/server.

 

had to remove the rule, just to gain access.

 

even with the rule turned off. it still gives me no permission message as above.

 

iv checked permissions on the file and it ok, so no idea why i cant update the config

 

iv uninstalled it for now until some answers :) many thanks in advance

 

the above is after i contacted host, they turned off a few things, so i could install thsi or try to update the config, but as above it still gives me access denied

@@Jack_mcs

Share this post


Link to post
Share on other sites

well the contribution was deemed a php injection atack by my host/server.

 

had to remove the rule, just to gain access.

 

even with the rule turned off. it still gives me no permission message as above.

It's a hosting problem. They need to adjust the settings so the files can be written to. deleted and added.

Share this post


Link to post
Share on other sites

they turned off all the rules i had enabled , all access is granted, just on that one file it wont allow me to complete to update section

Share this post


Link to post
Share on other sites

There's noting in the code that would cause that, that I can think of. It has happened before and it always turns out to be the server settings. You need to have your host look at the actual problem. That is, have them go to admin and click on the button that is causing the problem. They are the only ones that can do anything about it.

Share this post


Link to post
Share on other sites

hi Jack

 

thanks for that, i had them take a look, and they cant see anything wrong with any settings.

 

no probs tho, il move on from this one and try again later :) thanks for your help tho , much appreciated

Share this post


Link to post
Share on other sites

Hello to all,

From installation file:

"Step 6: Go to admin->Sitemonitor->Admin and click the top button. A message should

be displayed saying that the file was ran for the first time. Then click

on the second or third button to actually run a test. A "No mismatches found"

message should be displayed. If not, something is wrong with the installation."

 

I am working from File manager.How to complete this step?I am going at admin/sitemonitor_admin.php,but where is the button from the top which launch it for the first time?I am locked here.

 

Proposal for moderators: It would be greater for OScommerce product, if this forum can have a video section and see there how to fully install all the software, especially security add ons.

I tried 2 years ago to create an oscommerce, but I failed. Now I come back more insistent. :)

Many thanks in advance.

Edited by alexman

Share this post


Link to post
Share on other sites

I am working from File manager.How to complete this step?I am going at admin/sitemonitor_admin.php,but where is the button from the top which launch it for the first time?I am locked here.

There are four buttons on SiteMonitors admin page. If you are not seeing them, then you can't be on that page. Check the url and make sure that is the page you are on.

Share this post


Link to post
Share on other sites

Hi.

 

I know that I've done something wrong, but after an upgrade from version 1.2 (I think) to teh latest 3.2, I now don't have an option on the left colum called SiteMonitor.

 

I presume that it's all down to the file in admin/include/boxes/

I had a look at this, to my eye it looks like it's missing something.

 

<?php
/*
 $Id: sitemonitor.php,v 1.00 2006/09/24 by Jack_mcs
 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com
 Copyright (c) 2010 osCommerce
 Released under the GNU General Public License
*/
 $cl_box_groups[] = array(
   'heading' => BOX_HEADING_SITEMONITOR,
   'apps' => array(
  array(
    'code' => FILENAME_SITEMONITOR_ADMIN,
    'title' => BOX_SITEMONITOR_ADMIN,
    'link' => tep_href_link(FILENAME_SITEMONITOR_ADMIN)
  ),
  array(
    'code' => FILENAME_SITEMONITOR_CONFIG_SETUP,
    'title' => BOX_SITEMONITOR_CONFIG_SETUP,
    'link' => tep_href_link(FILENAME_SITEMONITOR_CONFIG_SETUP)
  )
   )
 );
?>

 

 

If that's right, then there's something else wrong. Any ideas?

Share this post


Link to post
Share on other sites

That's a huge jump and many things were changed between the two versions so my guess is that you didn't upload all of the new files or made some mistake in the changes. I suggest you run through the installation again with the thought that it is a new installation.

Share this post


Link to post
Share on other sites

Doh.

 

I copied the files from the wrong folder.

I'd upgraded my shops from old versions and spent about a week upgrading them manually to what I thought was 2.3, but it's not quite. That was some time ago.

 

The files from oscommerce_MS2_or_RC2 seem to work loads better.

 

Sorry about that.

 

:-

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×