Jump to content
Latest News: (loading..)
FWR Media

[contribution] KISS FileSafe ( file security )

Recommended Posts

Robert, I see in the documentation KISS FileSale is to work with all versions. Does that include 2.3.1? Thanks....


I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can.

I remember what it was like when I first started with osC. It can be overwhelming.

However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc.

There are several good pros here on osCommerce. Look around, you'll figure out who they are.

Share this post


Link to post
Share on other sites

Robert, I have got my errors down to this one:

 


Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 835424 bytes) in /***/*****/public_html/includes/modules/kiss_filesafe/classes/kiss_filesafe_abstract.php on line 251

 

I got a feeling that being late christmas night might have something to do with it...

 

I did get this error earlier:

 


Fatal error: Uncaught exception 'RuntimeException' with message 'SplFileInfo::getMTime() [<a href='splfileinfo.getmtime'>splfileinfo.getmtime</a>]: stat failed for /***/*****/public_html/includes/local/README' in /***/*****/public_html/includes/modules/kiss_filesafe/classes/kiss_filesafe_abstract.php:244 Stack trace: #0 /***/*****/public_html/includes/modules/kiss_filesafe/classes/kiss_filesafe_abstract.php(244): SplFileInfo->getMTime() #1 /***/*****/public_html/includes/modules/kiss_filesafe/classes/kiss_filesafe.php(99): Kiss_FileSafe_Abstract->iterate() #2 /***/*****/public_html/filesafe.php(29): Kiss_FileSafe->run() #3 {main} thrown in /***/*****/public_html/includes/modules/kiss_filesafe/classes/kiss_filesafe_abstract.php on line 244

 

which I found was caused by the local directory being set to 444 and the readme file set to 000 :'(

 

I have the data directory set to 777 at the moment but I don't think it needs to be that high

Share this post


Link to post
Share on other sites

Still not been able to get this working - latest errors have been:

 


Warning: array_key_exists() [function.array-key-exists]: The second argument should be either an array or an object in /***/******/public_html/includes/modules/kiss_filesafe/classes/kiss_filesafe_abstract.php on line 240

Warning: array_key_exists() [function.array-key-exists]: The second argument should be either an array or an object in /***/*****/public_html/includes/modules/kiss_filesafe/classes/kiss_filesafe_abstract.php on line 245

alternating, followed by


Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 835424 bytes) in /***/*****/public_html/includes/modules/kiss_filesafe/classes/kiss_filesafe_abstract.php on line 238

 

Ideas would be welcomed

Edited by Xpajun

Share this post


Link to post
Share on other sites

Still not been able to get this working - latest errors have been:

 


Warning: array_key_exists() [function.array-key-exists]: The second argument should be either an array or an object in /***/******/public_html/includes/modules/kiss_filesafe/classes/kiss_filesafe_abstract.php on line 240

Warning: array_key_exists() [function.array-key-exists]: The second argument should be either an array or an object in /***/*****/public_html/includes/modules/kiss_filesafe/classes/kiss_filesafe_abstract.php on line 245

alternating, followed by


Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 835424 bytes) in /***/*****/public_html/includes/modules/kiss_filesafe/classes/kiss_filesafe_abstract.php on line 238

 

Ideas would be welcomed

 

How many files does your shop have? I can't imagine a shop big enough to create a memory issue.

 

Do you have a directory with thousands of files or images in it?

Share this post


Link to post
Share on other sites

Thank you for that Robert - it was a dual problem - firstly I do have thousands of files/images on my server but not for my store, but because my store is at root level all the domain directories were being checked as well.

 

However when I put in the large list of ignore_directories it still didn't work - also the password was not needed - that's when I found that my text editor had corrupted the .ini file turning it into a plain text file instead of a Unix Executable file - so I uploaded an original to my server and used the cPanel file manager to change it...

 

 

Works now :thumbsup:

 

 

Many thanks

Share this post


Link to post
Share on other sites

Hi

 

Just to say thank you for sharing your contribution with the rest of us - another of your easy to use contributions.

I installed this for a client on a shared server but I was met by a 'Internal Server Error' if I called the script.

 

I found by trial and error that if I changed the last line of the ini file to

 

allowed_time_before_sleep = 1

 

Then it would work just fine (may help somebody else)

 

Thanks

 

Graeme

 

p.s. we're using this to compare to the ftp logs to demonstrate to the hosting company that the hacked files are not being ftp'd by our accounts - they seem to be in denial when it comes to XSS

Edited by sakwoya

Share this post


Link to post
Share on other sites

Hi

 

Just to say thank you for sharing your contribution with the rest of us - another of your easy to use contributions.

I installed this for a client on a shared server but I was met by a 'Internal Server Error' if I called the script.

 

I found by trial and error that if I changed the last line of the ini file to

 

allowed_time_before_sleep = 1

 

Then it would work just fine (may help somebody else)

 

Thanks

 

Graeme

 

p.s. we're using this to compare to the ftp logs to demonstrate to the hosting company that the hacked files are not being ftp'd by our accounts - they seem to be in denial when it comes to XSS

 

Thanks for the report.

 

Glad it's working for you. I don't get errors for the 0.5 on the servers I tried it on but I can see that 0.5 may need to be a string "0.5" where as a digit is fine.

Share this post


Link to post
Share on other sites

Robert,

 

I,m having problems calling the reset as a url in my browser (it's never worked) I've used a get around by deleting the data file and then running filesafe again - now that is not working :rolleyes:

 

The normal working of filesafe is done by a cron job - that works ok

 

 

It would be nice to have a filesafe reset in admin or a message in the browser that tells the user that filesafe has been run/reset/has had a problem...

Share this post


Link to post
Share on other sites

Robert,

 

I,m having problems calling the reset as a url in my browser (it's never worked)

 

There's nothing there to my knowledge that would cause it "not to work" so long as the .ini settings are in place as per the instructions.

Share this post


Link to post
Share on other sites

Hi

 

I'm having a problem getting a multiple 'ignore directories[]' to work - I have in the .ini file

 

 ignore_directories[] = "aspnet_client"
ignore_directories[] = "feeds/fclose"

 

or

 ignore_directories[] = "aspnet_client"
ignore_directories[] = "feeds"

 

 

aspnet_client gets ignored by filesafe but the feeds/fclose folder throws the error:

 

Fatal error: Uncaught exception 'UnexpectedValueException' with message 'RecursiveDirectoryIterator::__construct(server-path-to/content/feeds/fclose) [<a href='recursivedirectoryiterator.--construct'>recursivedirectoryiterator.--construct</a>]: failed to open dir: Permission denied' in server-path-to/content/includes/modules/kiss_filesafe/classes/kiss_filesafe_abstract.php:216 Stack trace: #0 [internal function]: RecursiveDirectoryIterator->__construct('/mnt/target02/3...') #1 server-path-to/content/includes/modules/kiss_filesafe/classes/kiss_filesafe_abstract.php(216): RecursiveDirectoryIterator->getChildren() #2 server-path-to/content/includes/modules/kiss_filesafe/classes/kiss_filesafe.php(99): Kiss_FileSafe_Abstract->iterate() #3 server-path-to/content/filesafe.php(32): Kiss_FileSafe->run() #4 {main} thrown in server-path-to/content/includes/modules/kiss_filesafe/classes/kiss_filesafe_abstract.php on line 216

 

Any ideas as to what I am doing wrong here?

 

Thanks

 

Graeme

Share this post


Link to post
Share on other sites

 

Any ideas as to what I am doing wrong here?

 

Thanks

 

Graeme

 

Perhaps RecursiveDirectoryIterator doesn't like a PHP function name as a directory name ( fclose ) or perhaps the permissions of the directory do not allow iteration.

Share this post


Link to post
Share on other sites

Hello all,

 

Question; the .htaccess changes referred to in the install notes.

 

php_flag engine off

<Files ~ "\.(php*|s?p?html|cgi|pl|ini)$">

deny from all

</Files>

 

I looked into the current .htaccess file in 'images' - as an example and noted that it is similar to what has been suggested should be in there;

 

# $Id$

#

# This is used to restrict access to this folder to anything other

# than images

 

# Prevents any script files from being accessed from the images folder

<FilesMatch "\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$">

Order Deny,Allow

Deny from all

</FilesMatch>

 

If using File Safe, should we delete the current .htaccess content and replace with the KISS File Safe version, or copy it beneath the original? As well, apart from the image / cache directories, which others should be amended in this way.


Kind regards,

 

Peter...

Share this post


Link to post
Share on other sites

Hi Robert

 

I have 2 questions:

 

Like poster above I am unclear if images/.htaccess should be edited seeing as the code already in place looks very similar? what other directories do you suggest should have those edits? I use v2.3.1

 

Can both File Safe and SiteMonitor be used on the same shop?


~ Don't mistake my kindness for weakness ~

Share this post


Link to post
Share on other sites

Robert,

 

I'm now unable to receive emails generated by the cron simply because they've contained the following in the header:

 

Received: from nobody by p15.xxxxxxx.com with local (Exim 4.69)

(envelope-from <nobody@p15.xxxxxxx.com>)

 

My host have blocked user nobody from sending email from their server to prevent the server IP gets blacklisted.

 

Is there a possibility to change it so the email doesn't contain "nobody" in the header?


Absinthe Original Liquor Store

Share this post


Link to post
Share on other sites

Robert,

 

I'm now unable to receive emails generated by the cron simply because they've contained the following in the header:

 

Received: from nobody by p15.xxxxxxx.com with local (Exim 4.69)

(envelope-from <nobody@p15.xxxxxxx.com>)

 

My host have blocked user nobody from sending email from their server to prevent the server IP gets blacklisted.

 

Is there a possibility to change it so the email doesn't contain "nobody" in the header?

 

In kiss_filesafe.ini try changing the from_email to a real email.

 

from_email = "Kiss FileSafe System"

 

It does say ..

 

On some servers the below must be a real and valid email

Share this post


Link to post
Share on other sites

Yes, I've noticed that, however changing it to a real email doesn't help, still no emails.

 

Well in which case your host may have arbitrarily blocked all emails sent by PHP in which case I can't help.

Share this post


Link to post
Share on other sites

Robert,

 

can you help please?

The cron command you provide in the documentation stopped running on my server. I wonder if I could use another command?

Edited by Biancoblu

~ Don't mistake my kindness for weakness ~

Share this post


Link to post
Share on other sites

After further investigation it turns out cronjob did run every day, but the filesafe script doesn't send me the email reports anymore, although it did mail me up until a few days ago.

 

I have checked the info in the ini file, all is correct, so I don't understand why it stopped mailing all of a sudden?

 

 

edited to add that when ran manually, the script does send me the emails.

Edited by Biancoblu

~ Don't mistake my kindness for weakness ~

Share this post


Link to post
Share on other sites

I have finally managed to fix my issue, turns out I had this line in .htaccess: "deny from SetEnvIfNoCase User-Agent "wget/" bad_bot"

 

An old developer of mine had done that for security, but why did he consider wget a bad bot when it's a linux command?.....sorry if the question seems stupid to advanced users...


~ Don't mistake my kindness for weakness ~

Share this post


Link to post
Share on other sites

Hello everyone, first I apologize for my English is very bad, I hope you understand.

Second, acknowledge the work and effort for all their contributions FWR. Me being helpful.

 

 

In this particular case, with the contribution KISS would do a series of questions.

I had to modify the cron and I've left it this way ...

 

/usr/local/php5/bin/php-cgi /usr/home/tes2tiendasvirtualesylogotipo/www/filesafe.php >/dev/null 2>&1

 

I also canceled a line in kiss_filesafe.ini

run_frequency =

that went some way in conflict with the patterns that I make time to chron ...

 

I wonder what you think this ...

Again, thank you very much for the work.

 

 

_____________________________________________________________________________________________________________

 

 

Hola a todos, para aquellos que entiendan mejor el castellano, por que mi inglés, es muy malo.

En segundo lugar, agradecer el trabajo y esfuerzo de FWR por todas sus contribuciones. Me están siendo de gran ayuda.

 

 

En este caso particular, con la contribución KISS quisiera hacer una serie de preguntas.

He tenido que modificar el comando cron y lo he dejado de esta manera...

 

 

/usr/local/php5/bin/php-cgi /usr/home/dominio/www/filesafe.php >/dev/null 2>&1

 

y también he anulado una linea del archivo kiss_filesafe.ini

run_frequency=

por que entraba, de alguna manera, en conflicto con las pautas de tiempo que establezco con el cron...

 

Quisiera saber que os parece esto...

De nuevo muchas gracias por el trabajo y esfuerzo.

Share this post


Link to post
Share on other sites

FWR please help.

 

I totally deleted my website and installed OsCommerce 2.3.1 after I was hacked. I want to secure my web site.

 

I performed the recommended security measures: admin folder renamed & password protected, write protected folders in the Admin Panel, and placed .htaccess files in folders.

 

I installed your Security Pro and Kiss-Filesafe programs.

 

Please clarify the Filesafe program instructions.

 

1. "Ensure that the data directory is writeable ( ...kiss_filesafe/data/)."

 

Q: My filesafe data folder is writeable (0755), but the upper folders are not, i.e. modules/... kiss_filesafe/, NOR is the kiss_filesafe/classes/ folder. Is that correct?

 

2. "Now let's protect all those writeable directories! ( *nix servers only )

In every directory that is writeable add a new .htaccess file ( images directory, cache directories etc. ) containing: -

php_flag engine off

<Files ~ "\.(php*|s?p?html|cgi|pl|ini)$">

deny from all

</Files>

 

Note: php_flag does not work if PHP is installed as a CGI e.g. fastcgi."

 

Q: I must turn the php engine off in php.ini.

 

So, should I:

--PLACE copies of the php.ini file which has the php engine turned off, AND

--PLACE .htaccess files which include the above code (minus the flag command) in ALL the ADMIN CPANEL recommended writeable folders AND in the public_html folder?

 

3. I added your recommended cron job to my host's WGet program. When the Cron job runs, IS IT BEING ROUTED THROUGH THEPLANET.COM?

 

After getting a bunch of RFI attacks and Wget malicious behavior from theplanet.com, I banned their IPs and any Wget commands via a .htaccess file in my public_html folder.

 

My access log:

174.120.41.11 - - [24/Apr/2011:12:00:02 -0500] "GET /filesafe.php?auth=xxxxxxxx HTTP/1.0" 403 - "-" "Wget/1.11.4 Red Hat modified"

 

WHOIS

IP Address: 174.120.41.11

ISP: THEPLANET.COM INTERNET SERVICES

 

I can browse to my website's url http://www.mywebsite.com//filesafe.php?auth=xxxxxxxx to manually run the /filesafe.php program, and receive an emailed report. Otherwise, I do not get emailed reports.

 

Your response to my questions and any further suggestions are appreciated.

 

Sorry this is so long and winded.

Share this post


Link to post
Share on other sites

New user checking please.

 

Installed to site running v2.2 rc2

changed ini email set data folder to 755

Loaded to directory in the mod folder as is - so the path is

 

/public_html/mystore/includes/modules/kiss_filesafe/classes/kiss_filesafe.php

 

so try to run first time http://

 

mysite/mystore/includes/modules/kiss_filesafe/classes/kiss_filesafe.php?auth=mypass

 

 

 

but get 500 error.

Have gone round and round read forum and support, rechecked all several times..

 

Please advise if you can see something I have missed..

Edited by bheard

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×