Jack_mcs Posted February 19, 2010 Author Share Posted February 19, 2010 Once I have this installed, I will just press the bottom button in admin>sitemonitor>admin, it tells me of suspected hacked files and I go open them to verify if its actually hacked if it has code similar to one's hacker use, right? Is this understanding correct? Yes, that is correct for the hacker code checking part of the contribution. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Francys Posted February 23, 2010 Share Posted February 23, 2010 Francys, on 22 February 2010 - 11:56 PM, said: Hi i have noticed this in SiteMonitor contrib(http://addons.oscommerce.com/info/4441), when i run the option check for hacked files: Checked 103 directories containing a total of 713 files. Skipped 531 files. 3 suspected hacked files found. Ficheiros Hacked Encontrados includes/modules/payment/paypal_standard.php includes/modules/ultimate_seo_urls5/classes/Usu_Cache_Database.php includes/modules/ultimate_seo_urls5/classes/Usu_Cache_Memcached.php Ultimate SEO URLs 5 (http://addons.oscommerce.com/info/6768) is supposed to be trusted since it's a well broadcasted contribution, i haven't made any modifications to the original files except those needed for each contribution... can anyone explain what is wrong with those files: includes/modules/payment/paypal_standard.php includes/modules/ultimate_seo_urls5/classes/Usu_Cache_Database.php includes/modules/ultimate_seo_urls5/classes/Usu_Cache_Memcached.php Is there any hack script in these or its a false positive detection by sitemonitor and why is it showing Thanks in advance There's obviously an issue with the SiteMonitor code, I've never looked at it. The files as downloaded are just fine. Can anyone explain in a definitive way what is happening with site monitor... these 2 contribs are one of the major ones advised in this forum by the experts so it would be important to clarify this. thanks in advance Quote Link to comment Share on other sites More sharing options...
sarafina Posted February 23, 2010 Share Posted February 23, 2010 I ran sitemonitor and it listed an image as being new but I don't remember having touched it. I just deleted it because to be safe. What is the proper protocol for determining if images are safe? Quote Contributions installed: Purchase without Account / STS/ All Products/ Header Tags Controller Link to comment Share on other sites More sharing options...
Jack_mcs Posted February 23, 2010 Author Share Posted February 23, 2010 I ran sitemonitor and it listed an image as being new but I don't remember having touched it. I just deleted it because to be safe. What is the proper protocol for determining if images are safe? If you are unsure of a file, you need to take whatever steps are necessary to be sure it is a good file. Keeping a clean set of your files on your computer means you can upload a known good copy when in doubt. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
oscuser12 Posted February 24, 2010 Share Posted February 24, 2010 Hello, when i change the setting via admin -> configure, the file sitemonitor_configure.php is not updated after pushing the update button Next, when pushed the update button, then the slashes / in the startdirectoy disappeared between the subdierctories, exam /usr/root/ -> usrroot In the exclude list also the slashes disappeared and the " and , too. Anyone recognises this? Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted February 24, 2010 Author Share Posted February 24, 2010 If the settings are sticking it might be a permissions problem. You could try chaning the permissions on the SiteMonitor files to 755 (or 777 is your host requires it). Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
♥Biancoblu Posted February 24, 2010 Share Posted February 24, 2010 Hi Jack can you tell me what this means please? this morning the site monitor email said "Time Mismatch on .htaccess Last Changed on Wednesday, 24 Feb 2010 02:44:00 GMT", but I checked the file and nothing's been changed in it. At the same time there are plenty of this in the error log: ---------------- [24-Feb-2010 03:55:27] PHP Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20060613/uploadprogress.so' - /usr/local/lib/php/extensions/no-debug-non-zts-20060613/uploadprogress.so: cannot open shared object file: No such file or directory in Unknown on line 0 --------------- Thanks for reading Isabella Quote ~ Don't mistake my kindness for weakness ~ Link to comment Share on other sites More sharing options...
Jack_mcs Posted February 24, 2010 Author Share Posted February 24, 2010 You should contact your host regarding the second error. With that type of error, it is generally a waste of time to try to locate the first. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
♥Biancoblu Posted February 24, 2010 Share Posted February 24, 2010 Does that mean that the second error caused site monitor to assume that .htaccess had been changed when in fact it hadn't? sorry but it's confusing. Quote ~ Don't mistake my kindness for weakness ~ Link to comment Share on other sites More sharing options...
♥mdtaylorlrim Posted February 24, 2010 Share Posted February 24, 2010 Does that mean that the second error caused site monitor to assume that .htaccess had been changed when in fact it hadn't? sorry but it's confusing. No, the errors have nothing to do with each other. Site monitor reported a mismatch in the date because the .htaccess file had been 'touched', whether it had been altered or not, on Wednesday, 24 Feb 2010 02:44:00 GMT. What were you doing on Wednesday, 24 Feb 2010 02:44:00 GMT? Did you even look at it? Restore it? Did your host restore all your files without telling you perhaps? Quote Community Bootstrap Edition, Edge Avoid the most asked question. See How to Secure My Site and How do I...? Link to comment Share on other sites More sharing options...
♥Biancoblu Posted February 24, 2010 Share Posted February 24, 2010 I didn't touch the site at all on that date, and it's the only file that reports having been touched on that date. However I checked it and it hasn't been modified. So I wonder, could it be that someone from outside tried to do something to it? I'm the only one with access to my files. Quote ~ Don't mistake my kindness for weakness ~ Link to comment Share on other sites More sharing options...
mikenew Posted February 26, 2010 Share Posted February 26, 2010 Hi, before I get attacked I'd just like to say that I have changed all permissions to 777, 755, 666, and 644 like a trillian times, made sure my password and username were correct and ran, deleted my user name, pass, and directory to try with no curl, re-installed many times, checked my admin / include directory, and even contacted my host to tell them to fix it...they said there was probably something in the code. Hey Thanks! no kidding... can you let it work? Anyway, I still come up with these errors when I try to run it but the Manual run works fine. Example on the configuration: PHP Warning: fopen(mysite/catalog/admin/sitemonitor_configure.php) [function.fopen]: failed to open stream: Permission denied in E:\mysite\catalog\admin\includes\functions\sitemonitor_functions.php on line 349 PHP Warning: fwrite(): supplied argument is not a valid stream resource in E:\mysite\catalog\admin\includes\functions\sitemonitor_functions.php on line 359 Example on the "delete reference": PHP Warning: opendir(/home/username/public_html) [function.opendir]: failed to open dir: No such file or directory in E:\mysite\catalog\admin\includes\functions\sitemonitor_functions.php on line 162 PHP Warning: readdir(): supplied argument is not a valid Directory resource in E:\mysite\catalog\admin\includes\functions\sitemonitor_functions.php on line 164 If it is the permission problem, I'm not sure why it's not working or am I out of luck...admin folder to 777 and sitemonitor_functions.php to 666? If it's something I have to tell the host...what do I tell them to do? I'm sorry for the helplessness but I'm a complete noob. Thanks for any help. mike Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted February 26, 2010 Author Share Posted February 26, 2010 I didn't touch the site at all on that date, and it's the only file that reports having been touched on that date. However I checked it and it hasn't been modified. So I wonder, could it be that someone from outside tried to do something to it? I'm the only one with access to my files. Try creating a new reference file (top button in admin) and see if it happens again. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Jack_mcs Posted February 26, 2010 Author Share Posted February 26, 2010 PHP Warning: opendir(/home/username/public_html) [function.opendir]: The username is incorrect. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
mikenew Posted February 26, 2010 Share Posted February 26, 2010 The username is incorrect. Thanks for your help Jack, I truly appreciate it! The pass is defaulting incorrectly so I can't update it without an error on the configure page. I changed my name and pass a while ago and have reinstalled sitemonitor since but it still defaults to the old one. Not sure how to clear that. Quote Link to comment Share on other sites More sharing options...
tigergirl Posted February 26, 2010 Share Posted February 26, 2010 I didn't touch the site at all on that date, and it's the only file that reports having been touched on that date. However I checked it and it hasn't been modified. So I wonder, could it be that someone from outside tried to do something to it? I'm the only one with access to my files. I noticed that when I used the IP Blocker in cpanel that my htaccess file showed up as being changed in site monitor. Could this apply in your case? Quote I'm feeling lucky today......maybe someone will answer my post! I do try and answer a simple post when I can just to give something back. ------------------------------------------------ PM me? - I'm not for hire Link to comment Share on other sites More sharing options...
Jack_mcs Posted February 26, 2010 Author Share Posted February 26, 2010 Thanks for your help Jack, I truly appreciate it! The pass is defaulting incorrectly so I can't update it without an error on the configure page. I changed my name and pass a while ago and have reinstalled sitemonitor since but it still defaults to the old one. Not sure how to clear that. If the admin configure section isn't working properly, it is almost certainly due to server permissions. But to get around that, just edit the sitemonitor_configure.php file directly. Just be sure not to delete anything from it. Just change the needed settings and it should work. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
mikenew Posted February 27, 2010 Share Posted February 27, 2010 If the admin configure section isn't working properly, it is almost certainly due to server permissions. But to get around that, just edit the sitemonitor_configure.php file directly. Just be sure not to delete anything from it. Just change the needed settings and it should work. Hey Jack, thanks for all the help. I have updated my login and pass direcly and get a different error. Permissions are set to "777" and I'm not sure what else to do. I do have a renamed (and pass protected) admin folder...if that matters. on Delete Reference: PHP Warning: opendir(http://mysite.com/catalog/) [function.opendir]: failed to open dir: not implemented in E:\mysite.com\catalog\admin\includes\functions\sitemonitor_functions.php on line 162 PHP Warning: readdir(): supplied argument is not a valid Directory resource in E:\mysite.com\catalog\admin\includes\functions\sitemonitor_functions.php on line 164 on Execute Sitemonitor command in Admin: PHP Warning: opendir(http://mysite.com/catalog/) [function.opendir]: failed to open dir: not implemented in E:\mysite.com\catalog\admin\includes\functions\sitemonitor_functions.php on line 162 PHP Warning: readdir(): supplied argument is not a valid Directory resource in E:\mysite.com\catalog\admin\includes\functions\sitemonitor_functions.php on line 164 on Update in configure: PHP Warning: fopen(E:/mysite.com/catalog/admin/sitemonitor_configure.php) [function.fopen]: failed to open stream: Permission denied in E:\mysite.com\catalog\admin\includes\functions\sitemonitor_functions.php on line 349 PHP Warning: fwrite(): supplied argument is not a valid stream resource in E:\mysite.com\catalog\admin\includes\functions\sitemonitor_functions.php on line 359 Thanks for everything, Mike Quote Link to comment Share on other sites More sharing options...
♥Biancoblu Posted February 27, 2010 Share Posted February 27, 2010 (edited) I noticed that when I used the IP Blocker in cpanel that my htaccess file showed up as being changed in site monitor. Could this apply in your case? Thanks for your reply. I don't know if it has to do with the ip blocker at all, but it's not the first time my files are reported as having been changed even though I didn't touch them, and I am the only one with access to them. Edited February 27, 2010 by Biancoblu Quote ~ Don't mistake my kindness for weakness ~ Link to comment Share on other sites More sharing options...
♥Biancoblu Posted February 27, 2010 Share Posted February 27, 2010 Try creating a new reference file (top button in admin) and see if it happens again. That's what I did, and I also replaced the htaccess file with one from a backup (just in case, even though I saw no changes in it), so far it hasn't happened again. Quote ~ Don't mistake my kindness for weakness ~ Link to comment Share on other sites More sharing options...
Jack_mcs Posted February 27, 2010 Author Share Posted February 27, 2010 Hey Jack, thanks for all the help. I have updated my login and pass direcly and get a different error. Permissions are set to "777" and I'm not sure what else to do. I do have a renamed (and pass protected) admin folder...if that matters. What's in your start directory setting? Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Francys Posted February 27, 2010 Share Posted February 27, 2010 Hello can we discuss Site Monitor results here or is there a proper thread for this? well sorry if not i will post here, correct something if i'm wrong, help is apreciatted thanks, **RESULTS OF SITE MONITOR SCAN** Checked 103 directories containing a total of 859 files. Skipped 531 files. 3 suspected hacked files found. Hacked Files Found in scan modules/payment/paypal_standard.php modules/ultimate_seo_urls5/classes/Usu_Cache_Database.php modules/ultimate_seo_urls5/classes/Usu_Cache_Memcached.php Questions: 1- Why is sitemonitor skipping 531 files 2- why is paypal returning positive, i don't even have it installed, is it because of it's code although it's a safe one... 3- I know you don't comment in contributions made by others, but i'm not asking you to... i'm just asking if you agree the reason Sitemonitor is returning positive en ultimate_seo_urls5 is because it is creating cache directories (but once again they are safe) Answers will be greatly appreciated, keep up the good work and thanks. Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted February 27, 2010 Author Share Posted February 27, 2010 Questions: 1- Why is sitemonitor skipping 531 files 2- why is paypal returning positive, i don't even have it installed, is it because of it's code although it's a safe one... 3- I know you don't comment in contributions made by others, but i'm not asking you to... i'm just asking if you agree the reason Sitemonitor is returning positive en ultimate_seo_urls5 is because it is creating cache directories (but once again they are safe) All have been answered many times in this thread and/or in the documentation, but in short: 1 - because it skips files that aren't usually hacked 2 - because it uses code that is similar to a hackers code 3 - because it uses code that is similar to a hackers code Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
drillsar Posted February 28, 2010 Share Posted February 28, 2010 I just installed this and im getting this error: Warning: chmod() [function.chmod]: Operation not permitted in /home/a6153676/public_html/drv/includes/functions/sitemonitor_functions.php on line 344 Also the start directory is where the catalog files are not admin correct? Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted February 28, 2010 Author Share Posted February 28, 2010 I just installed this and im getting this error: Warning: chmod() [function.chmod]: Operation not permitted in /home/a6153676/public_html/drv/includes/functions/sitemonitor_functions.php on line 344 Also the start directory is where the catalog files are not admin correct? For the chmode problem, you can try the fixes mentioned in this thread. There have been several but I think the first was on the first page or two. If that doesn't work, you will need to ask your host about it since it is a permissions setting on the server. The start directory is the top level directory that you want to start scanning. That is generally the root of the shop (where your catalog files are located). Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.