FrostyFred Posted December 5, 2011 Share Posted December 5, 2011 See the fix posted in the last few pages. Is this the clash between site monitor and os sec? Quote Link to comment Share on other sites More sharing options...
Taipo Posted December 5, 2011 Share Posted December 5, 2011 What version of osC_Sec are you using Fred? If its the latest, then replace the following code: replace: # Set your own x-powered-by # or leave as is header( "X-Powered-By: osC_Sec" ); with: # Set your own x-powered-by # or leave as is # header( "X-Powered-By: osC_Sec" ); Quote - Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)- Another discussion about infected files ::here::- A discussion on file permissions ::here::- Site hacked? Should you upgrade or not, some thoughts ::here::- Fix the admin login bypass exploit here- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX Link to comment Share on other sites More sharing options...
FrostyFred Posted December 5, 2011 Share Posted December 5, 2011 Thanks for the tip, I was using the latest. I have just taken out os sec but still get Error 403: Forbidden Your PHP settings have been disabled by an H-Sphere administrator. Your current PHP configuration: This configuration was changed: Mon Dec 5 02:00:10 UTC 2011 Please bring your PHP configuration in compliance with admin settings or request your administrator to re-enable support of your settings. I can only find 1 reference to Notice: Constant HTTP_SERVER already defined in /hsphere/local/home/xxxxxxxx/xxxxxxxx.com/commerce/catalog/admin4AlBe/includes/configure.php on line 13 coopco made a reference to "Methinks that you have to use the absolute path instead of the DOCUMENT_ROOT" in http://www.oscommerce.com/forums/topic/326933-my-store-is-broken-please-help/page__view__findpost__p__1362012 But I can't see a fault. Midnight here will look again tomorrow. FF Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted December 6, 2011 Author Share Posted December 6, 2011 But I can't see a fault. Midnight here will look again tomorrow. FF See here. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
FrostyFred Posted December 6, 2011 Share Posted December 6, 2011 Thanks for the link but I am on 2.2. I'll try replacing the code anyway. FF Quote Link to comment Share on other sites More sharing options...
KeySoft Posted December 9, 2011 Share Posted December 9, 2011 I setup SiteMonitor on my site (cart v2.3.1) a couple weeks ago and it seems to work fine. I run it every morning but the other day (and today) when I ran it I got mismatched files in the includes/work/ folder shown below. I can see it's a cache file but it's getting changed in the early morning hours. Does anyone know if this is normal or not? SIZE MISMATCH: Difference found: New-> includes/work/rss_d9a966ba3c3261d2b4a0bddc2faa12ca.cache 7386 Original-> 4546 TIME MISMATCH: Time Mismatch on includes/work/rss_86380e70026c8af52c338ac98e375a04.cache Last Changed on Friday, 09 Dec 2011 15:00:48 GMT Time Mismatch on includes/work/rss_d9a966ba3c3261d2b4a0bddc2faa12ca.cache Last Changed on Friday, 09 Dec 2011 15:00:48 GMT Thanks Rick Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted December 9, 2011 Author Share Posted December 9, 2011 I setup SiteMonitor on my site (cart v2.3.1) a couple weeks ago and it seems to work fine. I run it every morning but the other day (and today) when I ran it I got mismatched files in the includes/work/ folder shown below. I can see it's a cache file but it's getting changed in the early morning hours. Does anyone know if this is normal or not? The work directory is protected, or should be, and is used for temporary files so it should be OK to exclude that directory. KeySoft and Darren11 2 Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Jack_mcs Posted December 11, 2011 Author Share Posted December 11, 2011 A new version has been uploaded. It just corrects the file that wasn't updated previously so if your 3.0 version is working, there's no reason to download this one. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
GwilliamP Posted December 17, 2011 Share Posted December 17, 2011 Will the new version fix this issue? I have 2 domains running osC RC2 on a multi-domain hosting service. Site monitor V3.0 runs fine on one but on the other I get the following when trying to "Delete Reference File". 2006 - MySQL server has gone away select count(*) as total from sessions where sesskey = '0d8e110e397489ad4ab552596153ff42' [TEP STOP] I have uploaded the files again in case one got corrupted during FTP (unlikely) but no change. Both sitemonitor_configure_0.txt and sitemonitor_db_reference.txt are set to 644. The osC set up is near identical for both domaind but the problem one has thousands more images. I have Automatic Thumbnail for osC installed and have emptied the thumbs_cache folder before running to reduce the number of files to process. Quote Link to comment Share on other sites More sharing options...
♥geoffreywalton Posted December 17, 2011 Share Posted December 17, 2011 Jack Downloaded the latest version last night anf put it on a 2.3.1 site running under xampp. Once I get a list of suspect files clicking on them used to display the file in a pop up. Now it gives alink <td class="smallText"><a class="smallText" style="color: rgb(102, 51, 255);" href="javascript:popupWindow('sitemonitor_popup.php?C:/Program Files/xampp_15/xampp/htdocs/231/gwtest/xxx/images/osh3.php')">gwtest/xxx/images/osh3.php</a></td> When you click on it you get Warning: file(C:/Program%20Files/xampp_15/xampp/htdocs/231/gwtest/yyy/images/osh3.php) [function.file]: failed to open stream: No such file or directory in C:\Program Files\xampp_15\xampp\htdocs\231\admin\sitemonitor_popup.php on line 13 Warning: Invalid argument supplied for foreach() in C:\Program Files\xampp_15\xampp\htdocs\231\admin\sitemonitor_popup.php on line 15 Used to work fine when earlier versions used on xampp on rc2a sites. Any thoughts? Thanks G Quote Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile Virus Threat Scanner My Contributions Basic install answers. Click here for Contributions / Add Ons. UK your site. Site Move. Basic design info. For links mentioned in old answers that are no longer here follow this link Useful Threads. If this post was useful, click the Like This button over there ======>>>>>. Link to comment Share on other sites More sharing options...
Jack_mcs Posted December 17, 2011 Author Share Posted December 17, 2011 Will the new version fix this issue? I have 2 domains running osC RC2 on a multi-domain hosting service. Site monitor V3.0 runs fine on one but on the other I get the following when trying to "Delete Reference File". 2006 - MySQL server has gone away select count(*) as total from sessions where sesskey = '0d8e110e397489ad4ab552596153ff42' [TEP STOP] I have uploaded the files again in case one got corrupted during FTP (unlikely) but no change. Both sitemonitor_configure_0.txt and sitemonitor_db_reference.txt are set to 644. The osC set up is near identical for both domaind but the problem one has thousands more images. I have Automatic Thumbnail for osC installed and have emptied the thumbs_cache folder before running to reduce the number of files to process. That error is one that occurs when the database is not available. It can be caused by a number of things but in this one it seems you have an error in the sessions table. SiteMonitor doesn't use the database so it can't be due to it. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Jack_mcs Posted December 17, 2011 Author Share Posted December 17, 2011 Jack Downloaded the latest version last night anf put it on a 2.3.1 site running under xampp. Once I get a list of suspect files clicking on them used to display the file in a pop up. Now it gives alink <td class="smallText"><a class="smallText" style="color: rgb(102, 51, 255);" href="javascript:popupWindow('sitemonitor_popup.php?C:/Program Files/xampp_15/xampp/htdocs/231/gwtest/xxx/images/osh3.php')">gwtest/xxx/images/osh3.php</a></td> When you click on it you get Warning: file(C:/Program%20Files/xampp_15/xampp/htdocs/231/gwtest/yyy/images/osh3.php) [function.file]: failed to open stream: No such file or directory in C:\Program Files\xampp_15\xampp\htdocs\231\admin\sitemonitor_popup.php on line 13 Warning: Invalid argument supplied for foreach() in C:\Program Files\xampp_15\xampp\htdocs\231\admin\sitemonitor_popup.php on line 15 Where are you seeing the suspect files? Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
♥geoffreywalton Posted December 17, 2011 Share Posted December 17, 2011 sitemonitor_admin.php Checked 285 directories containing a total of 2549 files. Skipped 9336 files. 93 suspected hacked files found. Quote Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile Virus Threat Scanner My Contributions Basic install answers. Click here for Contributions / Add Ons. UK your site. Site Move. Basic design info. For links mentioned in old answers that are no longer here follow this link Useful Threads. If this post was useful, click the Like This button over there ======>>>>>. Link to comment Share on other sites More sharing options...
Madamservo Posted December 17, 2011 Share Posted December 17, 2011 I setup a new install using the new version of site monitor on an osCommerce store. I did everything as directed but when I get to step 5 to configure in the administrator panel and click update I get an triangle error at the top of the screen. No message. Nothing advising what needs to be corrected. The only thing I see changing are in the 3 bottom boxes for excluding files. After I click update it removes all of the hypens and commas. It's not updating and I can't get past this. Quote Link to comment Share on other sites More sharing options...
GwilliamP Posted December 17, 2011 Share Posted December 17, 2011 That error is one that occurs when the database is not available. It can be caused by a number of things but in this one it seems you have an error in the sessions table. SiteMonitor doesn't use the database so it can't be due to it. Interesting. I deleted the session using phpMyAdmin. I deleted all cookies for the domain from FireFox. Obviously I had to log in again then retried but still get the same error all be it with a new session number. Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted December 18, 2011 Author Share Posted December 18, 2011 sitemonitor_admin.php Checked 285 directories containing a total of 2549 files. Skipped 9336 files. 93 suspected hacked files found. I tested it here and it works as always. Plus, I searched the SiteMonitor files for "rgb," which you said was related to this, and that is not used in the code - anywhere. So it seems you have sometihng changed in your installation that is causing the problem. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Jack_mcs Posted December 18, 2011 Author Share Posted December 18, 2011 I setup a new install using the new version of site monitor on an osCommerce store. I did everything as directed but when I get to step 5 to configure in the administrator panel and click update I get an triangle error at the top of the screen. No message. Nothing advising what needs to be corrected. The only thing I see changing are in the 3 bottom boxes for excluding files. After I click update it removes all of the hypens and commas. It's not updating and I can't get past this. The triangle indicates a warning. If it is stopping there though, either you've made a mistake in the installation/setup or something on your server is preventing the code from working. If you have a file named error_log in your admin directory, read it to see what the last error is. If not, then you will need to ask your host to see what error is being reported. There's code you can add to the file to have it show the error but it many show many warnings and may confuse you more than help. But if your host refuses to help. I'll post the code here. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Jack_mcs Posted December 18, 2011 Author Share Posted December 18, 2011 Interesting. I deleted the session using phpMyAdmin. I deleted all cookies for the domain from FireFox. Obviously I had to log in again then retried but still get the same error all be it with a new session number. I can't think of anything in the code that would cause that. All I can suggest is that you try to exclude all directories and see if it runs. If it does, then add them back in one at a time until it fails and trace from there. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
♥geoffreywalton Posted December 18, 2011 Share Posted December 18, 2011 (edited) I tested it here and it works as always. Plus, I searched the SiteMonitor files for "rgb," which you said was related to this, and that is not used in the code - anywhere. So it seems you have sometihng changed in your installation that is causing the problem. I only wish I had changed something, vanilla install with only site monitor installed. When using view generated source in FF it gives <td class="smallText"><a class="smallText" style="color: rgb(0, 0, 0); Using view source <td class="smallText" ><a class="smallText" style="color: #000" href="javascript:popupWindow('sitemonitor_popup.php The php is <td class="smallText" ><a class="smallText" style="color: <?php echo $color; ?>" href="javascript:popupWindow('sitemonitor_popup.php?<?php echo $hackedFiles[$i]['file'];?>')"><?php echo substr($hackedFiles[$i]['file'], strlen(DIR_FS_CATALOG)); ?></a></td> and gives this using view source <tr> <td class="smallText" width="14" align="center"> </td> <td class="smallText" width="24">60</td> <td class="smallText" ><a class="smallText" style="color: #ff0000" href="javascript:popupWindow('sitemonitor_popup.php?C:/Program Files/xampp_15/xampp/htdocs/231/gwtest/yyy/admin/includes/modules/newsletters/product_notification.php')">gwtest/yyy/admin/includes/modules/newsletters/product_notification.php</a></td> <td class="smallText" width="14" align="center">eval</td> <td class="smallText" width="14" align="center"> </td> <td width="6" align="center"><input type="checkbox" name="exclude_64" value="on" id="exclude_64"></td> <td width="6" align="center"><input type="checkbox" name="quaranteen_64" value="on" id="quaranteen_64"></td> </tr> <tr> <td class="smallText" width="14" align="center"> </td> <td class="smallText" width="24">0</td> <td class="smallText" ><a class="smallText" style="color: #6633FF" href="javascript:popupWindow('sitemonitor_popup.php?C:/Program Files/xampp_15/xampp/htdocs/231/gwtest/yyy/images/osh3.php')">gwtest/yyy/images/osh3.php</a></td> <td class="smallText" width="14" align="center"> </td> <td class="smallText" width="14" align="center"> </td> <td width="6" align="center"><input type="checkbox" name="exclude_65" value="on" id="exclude_65"></td> <td width="6" align="center"><input type="checkbox" name="quaranteen_65" value="on" id="quaranteen_65"></td> </tr> Could it be the spaces in "C:\Program File" or something to do with xampp/windows? Can't see why as I have had earlier versions working on xampp/xp before Cheers G Edited December 18, 2011 by geoffreywalton Quote Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile Virus Threat Scanner My Contributions Basic install answers. Click here for Contributions / Add Ons. UK your site. Site Move. Basic design info. For links mentioned in old answers that are no longer here follow this link Useful Threads. If this post was useful, click the Like This button over there ======>>>>>. Link to comment Share on other sites More sharing options...
Jack_mcs Posted December 18, 2011 Author Share Posted December 18, 2011 I only wish I had changed something, vanilla install with only site monitor installed. When using view generated source in FF it gives <td class="smallText"><a class="smallText" style="color: rgb(0, 0, 0); Oh, viewing the source is a different matter and can be misleading. The code uses html color names, like sienna, so the browser is probably converting that to rgb. I'v never looked at it but that is likely the case. As for the actual code, nothing was changed between 3.0 and 3.1 regarding the hacker test. If you used an earlier version than 3.0, there was some minor changes to that part of the code but nothing that should cause your problem, that I can think of. You could try installing whichever version you had working and then try the manual upload using the update files. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
GwilliamP Posted December 18, 2011 Share Posted December 18, 2011 I can't think of anything in the code that would cause that. All I can suggest is that you try to exclude all directories and see if it runs. If it does, then add them back in one at a time until it fails and trace from there. Well spotted that man! When I started the process you suggested I found a recent change I had forgotten - I had set monitoring to start at the root (seemed sensible) rather than the store. In the root I have a 'sandbox' store plus other private areas. It all adds up to 3-4 times an osC set of files. DoooH! I will now start adding them back a bit at a time to see where it falls over. Quote Link to comment Share on other sites More sharing options...
Madamservo Posted December 19, 2011 Share Posted December 19, 2011 In the directions to you state the following: If your shop is BEFORE version 2.3, add this anywhere before the last ?> require(DIR_WS_BOXES . 'sitemonitor.php'); If your shop is AFTER version 2.3, add this before the first ?> include(DIR_WS_BOXES . 'sitemonitor.php'); What do I do if my shop version is 2.3 ? Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted December 20, 2011 Author Share Posted December 20, 2011 In the directions to you state the following: If your shop is BEFORE version 2.3, add this anywhere before the last ?> require(DIR_WS_BOXES . 'sitemonitor.php'); If your shop is AFTER version 2.3, add this before the first ?> include(DIR_WS_BOXES . 'sitemonitor.php'); What do I do if my shop version is 2.3 ? Use the 2. 3 instructions. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Gasse1014life Posted December 20, 2011 Share Posted December 20, 2011 anything im trying , i get this error 2006 - MySQL server has gone away select last_update from admin_notes [TEP STOP] 2006 - MySQL server has gone away select count(*) as total from sessions where sesskey = 'hslkn459k0626mslu7k1tdjjk3' [TEP STOP] anyone have an idea please Quote Link to comment Share on other sites More sharing options...
Madamservo Posted December 20, 2011 Share Posted December 20, 2011 There are no 2.3 directions in the readme file. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.