Jack_mcs Posted August 5, 2006 Share Posted August 5, 2006 (edited) If someone is able to hack into your site, they can alter your files to send them your customers information. I've seen this happen several times, thus the genesis of this contribution. This contribution will create a record of your files so that they can be checked at a later date. If any files have been added or deleted, or the size, timestamp or permissions were changed, you are notified via email. The script can be ran manually, but the best way is to set up a cron job so that the files are checked automatically. The contribution can be found here. Jack Edited August 5, 2006 by Jack_mcs jolicatellas 1 Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
safoo Posted August 5, 2006 Share Posted August 5, 2006 Interesting contribution...definitely a great security feature. I will try it out when I get a chance Quote Link to comment Share on other sites More sharing options...
Rezolles_Net Posted August 5, 2006 Share Posted August 5, 2006 I've installed this contribution.But getting this errors: Warning: fopen(sitemonitor_reference.php): failed to open stream: Permission denied in /home/rezolles/public_html/admin/sitemonitor_functions.php on line 94 Warning: fwrite(): supplied argument is not a valid stream resource in /home/rezolles/public_html/admin/sitemonitor_functions.php on line 106 Cannot write to file (sitemonitor_reference.php) Hope someone will solve my problems. zwayne 1 Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted August 5, 2006 Author Share Posted August 5, 2006 It looks like a server setting is preventing the code from creating the file. If you haven't tried to run it manually, do that (http://www.yoursite.com/admin/sitemonitor.php). If it still can't write, ask your host to see what settings they have that is preventing it. Jack Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Rezolles_Net Posted August 5, 2006 Share Posted August 5, 2006 Hurrm...I getting this error when I was trying to execute the URL manually. Quote Link to comment Share on other sites More sharing options...
Sid04 Posted August 5, 2006 Share Posted August 5, 2006 So if you at some point change a file on purpose, will it email you everytime it checks or only the first time finds the mismatch? Im assuming you could just delete the site_reference.php file after you add a new file to 'reset' what everything is compared to? Quote Link to comment Share on other sites More sharing options...
Rezolles_Net Posted August 5, 2006 Share Posted August 5, 2006 No i didn't delete site_reference.php. Any other solutions??I like this sitemonitor bcoz it can inform me if some "idiot" want to make my web upside down or stealing my customers informatios. Quote Link to comment Share on other sites More sharing options...
Sid04 Posted August 5, 2006 Share Posted August 5, 2006 Those are questions for the developer, not potential solutions for you. Not sure why you thought I was reffering to you. Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted August 5, 2006 Author Share Posted August 5, 2006 Hurrm...I getting this error when I was trying to execute the URL manually.What does your host say about the error? Jack Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Jack_mcs Posted August 5, 2006 Author Share Posted August 5, 2006 So if you at some point change a file on purpose, will it email you everytime it checks or only the first time finds the mismatch?It emails everytime.Im assuming you could just delete the site_reference.php file after you add a new file to 'reset' what everything is compared to?That is correct. I thought about adding an admin section that would allow you to recreate the reference file, set the path and so on but I was trying to keep it simple. If there are a lot of requests for that option, I will add that code. Jack Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
matrix2223 Posted August 5, 2006 Share Posted August 5, 2006 Jack, Thanks for this contrib I installed it as soon as I found out about it. When I ran http://www.mysite.com/admin/sitemonitor.php a blank page shows I dont know if its supposed to do this or not thats why I am asking. Also where you change the absolute path to your own /home/bob/public_html/admin change the setting to /home/bob/public_html I am assuming you only do this once. Thank you, Eric Quote Link to comment Share on other sites More sharing options...
matrix2223 Posted August 5, 2006 Share Posted August 5, 2006 Jack, Sorry I should have read the file a little better. I found that you had to change the 0 to a 1 to display the results on the page when you run it manually. I get these results, are they good or bad? No new files found... No deleted files found... Difference found: New-> error_log 7289753 Original-> 7275493 Time Mismatch on error_log Last Changed on Saturday, 05 Aug 2006 20:43:51 GMT No permissions mismatches found... Email sent to shop owner. Thanks again, Eric Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted August 6, 2006 Author Share Posted August 6, 2006 The error log changing is usually normal. It won't always change but could. It can probably be safely ignored since it is a write only file. If someone hacked your site and made code changes, it would be unlikely for them to change that file. Otherwise the results you got are what you want to se. To test it, try uploading some file to your shop. Be sure it is one you don't need. Maybe upload it as zzz.php. When the script runs again you should see that file in your message. Be sure to delete the file when you are done. Jack Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Guest Posted August 6, 2006 Share Posted August 6, 2006 Nice contrib, I would like to add my voice to an admin panel feature, where it can be turned on/off via admin. Quote Link to comment Share on other sites More sharing options...
Guest Posted August 6, 2006 Share Posted August 6, 2006 Great contrib, so easy to install too. One question when I add a example file to the admin section of the store it doesn't pick it up but it does in the root, eg it'll pick up store/zzz.php but not store/admin/zzz.php is that a problem my end or is the contrib not supposed to pick up new store/admin/ files Thank you. Quote Link to comment Share on other sites More sharing options...
Rezolles_Net Posted August 6, 2006 Share Posted August 6, 2006 Great contrib, so easy to install too. One question when I add a example file to the admin section of the store it doesn't pick it up but it does in the root, eg it'll pick up store/zzz.php but not store/admin/zzz.php is that a problem my end or is the contrib not supposed to pick up new store/admin/ files Thank you. what do you mean? Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted August 6, 2006 Author Share Posted August 6, 2006 Great contrib, so easy to install too. One question when I add a example file to the admin section of the store it doesn't pick it up but it does in the root, eg it'll pick up store/zzz.php but not store/admin/zzz.php is that a problem my end or is the contrib not supposed to pick up new store/admin/ files Thank you. Edit the sitemonitor.php file and remove admin from this string. Be sure to remove the quotes and comma associated with it. Then delete the sitemonitor_reference.php file. $excludeList = array("cgi-bin","admin","downloads","images","pub","tmp","temp"); //don't check these directories - change to your liking - must be set prior to first run Jack Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Guest Posted August 6, 2006 Share Posted August 6, 2006 (edited) I've installed this contribution.But getting this errors: Warning: fopen(sitemonitor_reference.php): failed to open stream: Permission denied in /home/rezolles/public_html/admin/sitemonitor_functions.php on line 94 Warning: fwrite(): supplied argument is not a valid stream resource in /home/rezolles/public_html/admin/sitemonitor_functions.php on line 106 Cannot write to file (sitemonitor_reference.php) Hope someone will solve my problems. maybe chmod of admin-dir prevents this from being created! create a txt file and rename it to sitemonitor_reference.php -> copy this to your /admin and then chmod this file to 777. then it should work. Edited August 6, 2006 by Sir.K.O. Quote Link to comment Share on other sites More sharing options...
Guest Posted August 6, 2006 Share Posted August 6, 2006 Just think before writing :o I got the same error as Rezolles_net -> Here's the working solution! 1. DON'T create the file sitemonitor_reference.php manually!! you already did? delete it! 2. chmod your admin directory with 777 but DON'T chmod the files within! just the directory! 3. run the script to generate the sitemonitor_reference.php 4. use the script regular as cronjob and watch bad things happen ;) if you use daily automated updates for products, you may add "images" folder to exclude list or you will get mails every day when new pictures where added -> but also good option to see if it works ;) Quote Link to comment Share on other sites More sharing options...
Rezolles_Net Posted August 7, 2006 Share Posted August 7, 2006 Just think before writing :o I got the same error as Rezolles_net -> Here's the working solution! 1. DON'T create the file sitemonitor_reference.php manually!! you already did? delete it! 2. chmod your admin directory with 777 but DON'T chmod the files within! just the directory! 3. run the script to generate the sitemonitor_reference.php 4. use the script regular as cronjob and watch bad things happen ;) if you use daily automated updates for products, you may add "images" folder to exclude list or you will get mails every day when new pictures where added -> but also good option to see if it works ;) Thanks..it's working Lol...you have to update your instructions... >_< Quote Link to comment Share on other sites More sharing options...
Sid04 Posted August 8, 2006 Share Posted August 8, 2006 (edited) I have to block out my admin directory or the script times out. Is there a way to specify not to scan certain folders within the admin directory, such as images, so that we can scan the other php files in admin and not timeout? Would something like this work? : $excludeList = array("cgi-bin","admin/images","downloads","images","pub","tmp","temp"); Edited August 8, 2006 by Sid04 Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted August 8, 2006 Author Share Posted August 8, 2006 It should but I never tested it. You can try it though. Just delete your reference file and run it from admin. If it runs and your reference file has valid entries, then you are all set. Jack Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Sid04 Posted August 9, 2006 Share Posted August 9, 2006 What I posted above does work, just FYI. Question for you though. I can use the above and scan my admin directory minus the images folder.....all works fine. I can then run the sitemonitor.php file and it runs very quickly, but if I add a small text file on the server(just a test file so it can find something different) it times out. Why does it run SO fast if no files have changed but time out if anything has changed? Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted August 9, 2006 Author Share Posted August 9, 2006 When a new file is added a different section of code is used to check for changes. This other section requires several passes to be made to find the changes. If the number of files being checked are large then it might time out on you. You would need to limit the files a little more until it will run without timing out. It is a server limitation and there is no easy way to code around that, other than limiting the size of the reference file. Jack Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Sid04 Posted August 9, 2006 Share Posted August 9, 2006 What actually controls the length of time until the timeout? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.