Jack_mcs Posted October 5, 2009 Author Share Posted October 5, 2009 The initial configure page should load, even though the settings may not be correct. It may be that it is timing out due to a large number of files in your account. If you have access to the error log, it might tell you what the problem is. Otherwise, your host should be able to tell you why it is failing. Don't ask for help with the script since most won't help. Explain that it is a commonly used script and that you want to know what is causing that error, which is a common, catch-all type of error. Jack Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
alba Posted October 7, 2009 Share Posted October 7, 2009 Jack Is there any way of setting specific files to ignore in the hack check? for example each time i run it on a clients site they get: Checked 217 directories containing a total of 1253 files. Skipped 831 files. 11 suspected hacked files found. Hacked Files Found affiliate_show_banner.php admin/database_admin.php admin/includes/configuration_cache.php admin/includes/classes/mime_decode.php admin/includes/javascript/tiny_mce/plugins/paste/js/pasteword.js admin/includes/javascript/tiny_mce/plugins/template/template.htm admin/includes/javascript/tiny_mce/themes/advanced/js/about.js includes/application_top.php includes/boxes/calendar.php includes/classes/seo.class.php includes/modules/payment/paypal_ipn.php and none of these files are suspect Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted October 7, 2009 Author Share Posted October 7, 2009 In admin/includes/functions/sitemonitor.php, find this line $excludeFileArray[] = 'sitemonitor_functions.php'; and insert another below it with the name of the file you want to exclude, like $excludeFileArray[] = 'application_top.php'; Doing that is probably OK if you know you are starting off with a clean setup of files. Otherwise, it defeats the purpose of the code. I plan to add some code to control that better at some point. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Evolved Posted October 9, 2009 Share Posted October 9, 2009 Hello Jack, I wasn't getting any emails from site monitor so I started digging around. Seems like the generated emails were considered to be junk emails by the host. At least that's my explanation for it. I changed the message strings that compose the final email message '$msg' in 'sitemonitor_functions.php', now it is working. Might be of help to some folks out there. Making these string customizable could solve this issue for non-programmers. Very nice contrib, thank you Jack. Regards Evolved Quote Link to comment Share on other sites More sharing options...
♥Dan Cole Posted October 10, 2009 Share Posted October 10, 2009 Jack I was reading through another thread and a Steve_S suggested using this bit of code on a php page to see what errors were being generated... error_reporting(E_ALL); ini_set("display_errors", 1); You might recall that I was getting a HTTP 500 error whenever I tried to run your sitemonitor_configure_setup routine. In any case I decided to add the code I posted above to sitemonitor_configure_setup.php to see what would happen and low and behold this was echoed to the screen... Fatal error: Cannot redeclare microtime_float() (previously declared in /includes/auto_backup_db.php:45) in /includes/functions/sitemonitor_functions.php on line 396 As you'll see there is a conflict with spooks auto_backup contribution in that both contributions seem to declare some microtime_float function. I know this isn't really your issue but I'm wondering if you might have a solution or could offer a suggestion as to how I might change sitemonitor_configure_setup to get past this. Thanks in advance... Dan Quote Need help? See this thread and provide the information requested. Is your version of osC up to date? You'll find the latest osC community version (CE Phoenix) here. Link to comment Share on other sites More sharing options...
Jack_mcs Posted October 10, 2009 Author Share Posted October 10, 2009 It's already been addressed in this thread. Either read back through it or use the search box below to find it. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
♥Dan Cole Posted October 11, 2009 Share Posted October 11, 2009 It's already been addressed in this thread. Either read back through it or use the search box below to find it. Thanks Jack...I found the post I needed regarding the function that was being declared twice and got that sorted out. My next problem was with the reference file and I discovered that I needed to charmod my admin directory to "777" to get it to work. I was under the impression that none of my permissions should be set that highly and I'm wondering if that directory needs to be set that way or if there is some other solution that will get the reference file set up without having to do that? Dan Quote Need help? See this thread and provide the information requested. Is your version of osC up to date? You'll find the latest osC community version (CE Phoenix) here. Link to comment Share on other sites More sharing options...
Jack_mcs Posted October 11, 2009 Author Share Posted October 11, 2009 (edited) No, that's not a good idea, especially for the admin directory. Unfortunately, some hosts have their servers setup so that directories have to have 777 to run. But it could be an ownership problem in your case. If your images directory in the root does not require 777, then that is what it is. You should contact your host and see if they will fix that. But if your images directory requiress 777 too, then it is how the server is setup and you are out of luck, unless you move to a more secure host. Edited October 11, 2009 by Jack_mcs Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
♥Dan Cole Posted October 11, 2009 Share Posted October 11, 2009 Thanks Jack. I'll raise it with my ISP. BTW, thanks also for the excellent contribution. With the reference file issue sorted out the program is working like a champ. Next on my list of things to do is to figure out how to get a cron job to run. Thanks again... Dan Quote Need help? See this thread and provide the information requested. Is your version of osC up to date? You'll find the latest osC community version (CE Phoenix) here. Link to comment Share on other sites More sharing options...
Guest Posted October 12, 2009 Share Posted October 12, 2009 Hi Jack, I have installed V1.9 and I have been able to get most things working just fine. The one that I am having an issue with the the Manually Check for Hacked Files capabilities. When I click the button, it returns this: Warning: Invalid argument supplied for foreach() in /home/fourm3/public_html/scart3/admin/includes/functions/sitemonitor_functions.php on line 402 This goes on recursively for as many directories as it finds, then chokes when it tries to use this information on these lines... Warning: array_merge() [function.array-merge]: Argument #2 is not an array in /home/fourm3/public_html/scart3/admin/includes/functions/sitemonitor_functions.php on line 405 It looks like line 402 is using the GLOB function to go through the directories and subdirectories, but it's choking for some reason, here's the snip: function rglob($sDir, $sPattern, $nFlags = NULL) //recursive function to get array of all files and directories { $aFiles = glob("$sDir/$sPattern", $nFlags); //get the initial directory foreach (glob("$sDir/*", GLOB_ONLYDIR) as $sSubDir) //recursive call where it chokes on line 402 <<--------------- { $aSubFiles = rglob($sSubDir, $sPattern, $nFlags); $aFiles = array_merge($aFiles, $aSubFiles); } return $aFiles; } I added this: echo '<pre>$afiles'.$afiles.'</pre>'; right after the $afiles = assignment, and the results came up blank, so the code must not be getting the directory names to go through. I'm at a bit of a loss and I've searched for solutions through the rest of the forums posts, and as near as I can tell it hasn't cropped up for anyone else. Any ideas? Matt Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted October 12, 2009 Author Share Posted October 12, 2009 Hi Jack, Warning: Invalid argument supplied for foreach() in /home/fourm3/public_html/scart3/admin/includes/functions/sitemonitor_functions.php on line 402 It might be that the DIR_FS_CATALOG in your configure file is not setup correctly. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Guest Posted October 12, 2009 Share Posted October 12, 2009 It might be that the DIR_FS_CATALOG in your configure file is not setup correctly. That's one of the first things I checked and it appears to be formatted correctly. This is the location that it is looking for right? /home/XXXX/public_html/scart3/ I added the XXX for obfuscation and 'scart3' is the name of the installation directory, and is correct. Usually the configuration folders all require the trailing slash, but looking at the SM code, that doesn't appear to be an issue either. Does GLOB require any particular permissions? The file permissions are standard 644 (depending)and directory permissions are generally 755. Right now the owner is the user, but some of these functions require the owner to be changed to nobody. The other SM functions are working with standard user owner permissions. I changed ownership of the sitemonitor_functions.php file from one to the other without any change in the errors. Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted October 12, 2009 Author Share Posted October 12, 2009 That's one of the first things I checked and it appears to be formatted correctly. This is the location that it is looking for right? /home/XXXX/public_html/scart3/ I added the XXX for obfuscation and 'scart3' is the name of the installation directory, and is correct. Usually the configuration folders all require the trailing slash, but looking at the SM code, that doesn't appear to be an issue either. Does GLOB require any particular permissions? The file permissions are standard 644 (depending)and directory permissions are generally 755. Right now the owner is the user, but some of these functions require the owner to be changed to nobody. The other SM functions are working with standard user owner permissions. I changed ownership of the sitemonitor_functions.php file from one to the other without any change in the errors. You can try changing this line foreach (glob("$sDir/*", GLOB_ONLYDIR) as $sSubDir) to foreach ((array)glob("$sDir/*", GLOB_ONLYDIR) as $sSubDir) and this line array_merge($aFiles, $aSubFiles); to array_merge($aFiles, (array)$aSubFiles); The second should take care of that error but I think the first is probably a server limit, like not enough memory for this script, or something like that. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Guest Posted October 12, 2009 Share Posted October 12, 2009 You can try changing this line foreach (glob("$sDir/*", GLOB_ONLYDIR) as $sSubDir) to foreach ((array)glob("$sDir/*", GLOB_ONLYDIR) as $sSubDir) and this line array_merge($aFiles, $aSubFiles); to array_merge($aFiles, (array)$aSubFiles); The second should take care of that error but I think the first is probably a server limit, like not enough memory for this script, or something like that. FYI, I'm using PHP 5.2.9. Hey that change seemed to work, the problem I now have is bumping up the timeout limit and the memory allocation settings. I bumped up the time to 120s (up from 30s) and the memory limit to 200mb (from 80mb), but I'm still hitting the limit. I was wondering if there was a way to do a separate exclusion for the hacker check than for the file change check? Do ou have a recommendation for the execution and the memory limit? I have a decent sized server, but I have a heavily modified version of OSCMax with about 1700 files to run through when you include FCKeditor and other JS modifications I have made. I would like them to be scanned for changes, but not necessarily for hack tweeks. Quote Link to comment Share on other sites More sharing options...
Guest Posted October 12, 2009 Share Posted October 12, 2009 I hadn't seen your other post recently on the previous page about excluding files. Will work on that. So I have been upping memory and timeout time, and I have been lowering the 2000000 number you have set, and subsequent lowering has taken there error from this: Fatal error: Allowed memory size of 209715200 bytes exhausted (tried to allocate 24 bytes) in /home/XXX/public_html/scart3/admin/includes/functions/sitemonitor_functions.php on line 401 to this: Fatal error: Allowed memory size of 209715200 bytes exhausted (tried to allocate 24 bytes) in /home/XXX/public_html/scart3/admin/includes/functions/sitemonitor_functions.php on line 404 Which is moving the failure point from one array to another I think. I fear that the previous changes I made to the array per your suggestion might not have fixed the original issue that I was having. Quote Link to comment Share on other sites More sharing options...
Guest Posted October 13, 2009 Share Posted October 13, 2009 I think that I found another issue with the site traversal looking for files/directories. I have a client who created a subfolder inside of 'images' but he included commas in the folder name. example: "images/UPLOAD/Image/Products/Bottles, Openers and Wine Racks" "images/UPLOAD/Image/Products/Oak chips, beans, staves" "images/UPLOAD/Image/Products/Spoons, paddles and bags" I have added "images/UPLOAD" to the exclusion list, but this is what it is finding every time it runs into a directory with a comma in the name: Difference found: New-> images/UPLOAD/Image/Products/Oak chips Original-> beans Difference found: New-> images/UPLOAD/Image/Products/Oak chips Original-> beans Difference found: New-> images/UPLOAD/Image/Products/Oak chips Original-> beans Difference found: New-> images/UPLOAD/Image/Products/Oak chips Original-> beans Difference found: New-> images/UPLOAD/Image/Products/Oak chips Original-> beans Difference found: New-> images/UPLOAD/Image/Products/Oak chips Original-> beans Difference found: New-> images/UPLOAD/Image/Products/Bottles Original-> Openers and Wine Racks/_thumbs/_67618.jpg Difference found: New-> images/UPLOAD/Image/Products/Bottles Original-> Openers and Wine Racks/_thumbs/_Corkscrewsmall.jpg Difference found: New-> images/UPLOAD/Image/Products/Bottles Original-> Openers and Wine Racks/_thumbs/_67617.jpg Difference found: New-> images/UPLOAD/Image/Products/Bottles Original-> Openers and Wine Racks/_thumbs/_67640.jpg It also goes on to find a bunch of Time Mismatches, and permission problems which is understandable if it is reading the directory name/structure wrong. What is interesting about this is that if I exclude just the "images" directory , it will skip everything just fine. But when I remove "images" and replace it with "images/UPLOAD" it finds those other subdirectories. I'm not sure why that is. I think that either way there might be a bug in reading the directory structure if it has commas. Can anyone else reproduce this issue? Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted October 13, 2009 Author Share Posted October 13, 2009 Those are invalid directory names so the SiteMonitor code won't handle them properly, nor should it. Have your client correct the names to fix the problem. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Guest Posted October 14, 2009 Share Posted October 14, 2009 Those are invalid directory names so the SiteMonitor code won't handle them properly, nor should it. Have your client correct the names to fix the problem. Ok I fixed those directory names and that seems to have cleared up the issue with the reference file and sitemonitor functions. I thought that there might be a possibility that the commas in the directory names was messing with the Hacker Check functions, but I am still getting the same errors. I changed the rglob() function code back to the original version and took a another look at the errors. The number of errors seems to correspond closely to the number of directories that the system is supposed to be scanning, which is an encouraging sign. As a recap, these are the errors it was returning: Warning: Invalid argument supplied for foreach() in /home/xxxxx/public_html/scart3/admin/includes/functions/sitemonitor_functions.php on line 406 Warning: array_merge() [function.array-merge]: Argument #2 is not an array in /home/xxxxx/public_html/scart3/admin/includes/functions/sitemonitor_functions.php on line 411 Warning: Invalid argument supplied for foreach() in /home/xxxxx/public_html/scart3/admin/includes/functions/sitemonitor_functions.php on line 406 Warning: array_merge() [function.array-merge]: Argument #1 is not an array in /home/xxxxx/public_html/scart3/admin/includes/functions/sitemonitor_functions.php on line 411 Warning: array_merge() [function.array-merge]: Argument #2 is not an array in /home/xxxxx/public_html/scart3/admin/includes/functions/sitemonitor_functions.php on line 411 Then at the end of the several hundred iterations, it finishes with this error: Warning: Invalid argument supplied for foreach() in /home/xxx/public_html/scart3/admin/includes/functions/sitemonitor_functions.php on line 89 (For Reference) Line 406 = foreach (glob("$sDir/*", GLOB_ONLYDIR) as $sSubDir) //recursive call Line 411 = $aFiles = array_merge($aFiles, $aSubFiles); Line 89 = foreach ($aFiles as $file) It appears that the glob function is cycling through the directory structure fine, it is just having an issue loading the directory names into it's array, which is what I assume that the code changes you suggested was trying to fix. I went back and changed line 411 from $aFiles = array_merge($aFiles, $aSubFiles); to array_merge($aFiles, (array)$aSubFiles); by itself and it no longer returned an error on that line. So with that result I would assume that it is this code that is creating the infinite loop: foreach ((array)glob("$sDir/*", GLOB_ONLYDIR) as $sSubDir) Any thoughts? Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted October 14, 2009 Author Share Posted October 14, 2009 Try changing this line foreach (glob("$sDir/*", GLOB_ONLYDIR) as $sSubDir) //recursive call to this $tmpArray = glob("$sDir/*", GLOB_ONLYDIR); if (is_array($tmpArray) && ! empty($tmpArray)) foreach ($tmpArray as $sSubDir) //recursive call Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
tonymazz Posted October 14, 2009 Share Posted October 14, 2009 Those are invalid directory names so the SiteMonitor code won't handle them properly, nor should it. Have your client correct the names to fix the problem. Quote Tony Mazz Link to comment Share on other sites More sharing options...
tonymazz Posted October 14, 2009 Share Posted October 14, 2009 Hi Jack; along the lines of the directories to be ignored. I have one site that is mostly symbolic links. Is there a way to ignore them? Thanks for your efforts on this contribution. Quote Tony Mazz Link to comment Share on other sites More sharing options...
Guest Posted October 14, 2009 Share Posted October 14, 2009 Try changing this line foreach (glob("$sDir/*", GLOB_ONLYDIR) as $sSubDir) //recursive call to this $tmpArray = glob("$sDir/*", GLOB_ONLYDIR); if (is_array($tmpArray) && ! empty($tmpArray)) foreach ($tmpArray as $sSubDir) //recursive call Well, it didn't crash, but I don't think it worked either. This is the message I got from the script: Checked 1 directories containing a total of 0 files. Skipped 0 files. 0 suspected hacked files found. Is there a better place that I can put an echo to see what is being sucked into the array or a better way to debug this? My setup isn't really any different than a lot of other people, so I'm concerned that this is something that is stupid simple, and I'm just missing it. Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted October 14, 2009 Author Share Posted October 14, 2009 Hi Jack; along the lines of the directories to be ignored. I have one site that is mostly symbolic links. Is there a way to ignore them? Thanks for your efforts on this contribution. You can try entering them into the array that stores files to ignore. I provided instructions for doing that here recently. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Jack_mcs Posted October 14, 2009 Author Share Posted October 14, 2009 Well, it didn't crash, but I don't think it worked either. This is the message I got from the script: Checked 1 directories containing a total of 0 files. Skipped 0 files. 0 suspected hacked files found. Is there a better place that I can put an echo to see what is being sucked into the array or a better way to debug this? That would indicate the directories can't be read since glob is not returning an array. I suppose there could be something on your server preventing glob from working correctly. You could add print_r $tmpArray; to see the output but since the code is checking for that already, I don't think it will show you anything. You could try changing the initial directory set here $aFiles = rglob(DIR_FS_CATALOG, '*'); to some sub-directory that you can manipulate, like $aFiles = rglob('tmp', '*'); If that works, then you could expand the initial path until it fails. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
tonymazz Posted October 15, 2009 Share Posted October 15, 2009 In admin/includes/functions/sitemonitor.php, find this line $excludeFileArray[] = 'sitemonitor_functions.php'; and insert another below it with the name of the file you want to exclude, like $excludeFileArray[] = 'application_top.php'; Doing that is probably OK if you know you are starting off with a clean setup of files. Otherwise, it defeats the purpose of the code. I plan to add some code to control that better at some point. Hi again; I found this code to exclude a file, would this work on directories, as well? I have tried a couple variations with no luck. Here is the error I am getting for each directory that is linked: Warning: is_dir() [function.is-dir.html]: Stat failed for /home/XXXSSS/public_html/mannix (errno=13 - Permission denied) in /home/XXXSSS/public_html/admin/includes/functions/sitemonitor_functions.php on line 173 Thanks again... Quote Tony Mazz Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.