VAZ2121 Posted August 12, 2010 Share Posted August 12, 2010 Hi I have just installed this Add-On. In Admin I select Tools, Banned IP. Then this is written on top of the page: Warning: session_save_path() [function.session-save-path]: open_basedir restriction in effect. File(/tmp) is not within the allowed path(s): (/customers/mysite.com/mysite.com:/var/www/diagnostics:/usr/share/php) in /customers/mysite.com/mysite.com/httpd.www/admin/includes/functions/sessions.php on line 165 Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /customers/mysite.com/mysite.com/httpd.www/admin/includes/functions/sessions.php:165) in /customers/mysite.com/mysite.com/httpd.www/admin/includes/functions/sessions.php on line 102 I am also not able to Insert (Ban) an IP (a lot of warnings appear) The same warnings appear when i select the meny PHPIDS Log. This meny does work OK though. Any ideas ?. Quote Link to comment Share on other sites More sharing options...
celextel Posted August 13, 2010 Author Share Posted August 13, 2010 Hi I have just installed this Add-On. In Admin I select Tools, Banned IP. Then this is written on top of the page: Warning: session_save_path() [function.session-save-path]: open_basedir restriction in effect. File(/tmp) is not within the allowed path(s): (/customers/mysite.com/mysite.com:/var/www/diagnostics:/usr/share/php) in /customers/mysite.com/mysite.com/httpd.www/admin/includes/functions/sessions.php on line 165 Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /customers/mysite.com/mysite.com/httpd.www/admin/includes/functions/sessions.php:165) in /customers/mysite.com/mysite.com/httpd.www/admin/includes/functions/sessions.php on line 102 I am also not able to Insert (Ban) an IP (a lot of warnings appear) The same warnings appear when i select the meny PHPIDS Log. This meny does work OK though. Any ideas ?. You need to verify as to whether you have done the following: Step-B: Admin 5. Important: Before going to the next step, browse admin/phpids_installer.php file after admin log-in. This installer would create the tables for PHPIDS Log and Banned IP. It would also insert the PHPIDS main configuration to database automatically. Delete this file after installation. Check whether the TABLE_PHPIDS and TABLE_BANNED_IP exist in your MySQL db. Quote Link to comment Share on other sites More sharing options...
VAZ2121 Posted August 13, 2010 Share Posted August 13, 2010 You need to verify as to whether you have done the following: Step-B: Admin 5. Important: Before going to the next step, browse admin/phpids_installer.php file after admin log-in. This installer would create the tables for PHPIDS Log and Banned IP. It would also insert the PHPIDS main configuration to database automatically. Delete this file after installation. Check whether the TABLE_PHPIDS and TABLE_BANNED_IP exist in your MySQL db. 1. I did run the admin/phpids_installer.php. That file also gave the same warnings, but it also gave me the success-messages that the tables were created. 2. I have just re-checked the following: The Banned IP I tried to insert does get inserted (inspite of all the warnings). I just had to re-load the page to see the results ! It works OK. Afterall, it's just "warnings", the code seems to work as it should. 3. I will later check the 2 MySQL-tables, to see if they are not exactly created as the phpids_installer.php told them to be. So now it's not so critical. It would be nice to see my admin running without warnings. Quote Link to comment Share on other sites More sharing options...
celextel Posted August 13, 2010 Author Share Posted August 13, 2010 1. I did run the admin/phpids_installer.php. That file also gave the same warnings, but it also gave me the success-messages that the tables were created. 2. I have just re-checked the following: The Banned IP I tried to insert does get inserted (inspite of all the warnings). I just had to re-load the page to see the results ! It works OK. Afterall, it's just "warnings", the code seems to work as it should. 3. I will later check the 2 MySQL-tables, to see if they are not exactly created as the phpids_installer.php told them to be. So now it's not so critical. It would be nice to see my admin running without warnings. We have this in 5 of our Live Shops and we do not have this type of problem in any of them. Check whether the tables have been created correctly. Hope you have PHP 5 in your server. This would not work in PHP 4. Quote Link to comment Share on other sites More sharing options...
VAZ2121 Posted August 13, 2010 Share Posted August 13, 2010 We have this in 5 of our Live Shops and we do not have this type of problem in any of them. Check whether the tables have been created correctly. Hope you have PHP 5 in your server. This would not work in PHP 4. The problem is solved The Add-on inculdes 3 files (admin/banned_ip.php and admin/phpids_installer.php and admin/phpids_report.php) All 3 files has some error-reporting turned on. Take a look at this: <?php /* $Id: phpids_installer.php PHP Intrusion Detection System for osCommerce PHPIDS for osCommerce 1.6 Date: June 13, 2010 Created by celextel - www.celextel.com Module to include PHPIDS into osCommerce to log and prevent intrusions osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright © 2010 osCommerce Released under the GNU General Public License */ error_reporting(E_ALL); ini_set('display_errors', '1'); require_once('includes/application_top.php'); // create phpids table if it does not exist mysql_query("DESC ". TABLE_PHPIDS .""); if (mysql_errno()) { mysql_query("CREATE TABLE IF NOT EXISTS ". TABLE_PHPIDS ." ( ..... The first 2 commands are error_reporting(E_ALL); ini_set('display_errors', '1'); I removed those 2 commands from the 2 files in my admin/ and now there are no more warnings. As you also can see, the following command mysql_query("DESC ". TABLE_PHPIDS .""); will generate an error (if the table is not present in the db) hence giving me an error/warning massages when executing. Are any of the 2 commands needed ?, or may I just delete them both ? Quote Link to comment Share on other sites More sharing options...
celextel Posted August 14, 2010 Author Share Posted August 14, 2010 The problem is solved The Add-on inculdes 3 files (admin/banned_ip.php and admin/phpids_installer.php and admin/phpids_report.php) All 3 files has some error-reporting turned on. I removed those 2 commands from the 2 files in my admin/ and now there are no more warnings. As you also can see, the following command mysql_query("DESC ". TABLE_PHPIDS .""); will generate an error (if the table is not present in the db) hence giving me an error/warning massages when executing. Are any of the 2 commands needed ?, or may I just delete them both ? As such error reporting codes are not required. But we have kept them to find out the errors while testing at our end. It would also help you to trace the errors. Hiding errors does not solve the actual problem. You need to make sure that you have set the correct folder path at: Configuration > Sessions > Session Directory in Admin. Full path should be give here of the cache or tmp directory. Make sure that this cache or tmp directory is writable [777]. Keep the error reporting code and correct this error. Quote Link to comment Share on other sites More sharing options...
VAZ2121 Posted August 14, 2010 Share Posted August 14, 2010 (edited) As such error reporting codes are not required. But we have kept them to find out the errors while testing at our end. It would also help you to trace the errors. Hiding errors does not solve the actual problem. You need to make sure that you have set the correct folder path at: Configuration > Sessions > Session Directory in Admin. Full path should be give here of the cache or tmp directory. Make sure that this cache or tmp directory is writable [777]. Keep the error reporting code and correct this error. My Cache was turned off. I created the tmp directory (named it tmp and set permissions to 777), wrote the full path, and turned cache ON. Now I can see files begin to appear in my tmp-directory = It works. But I still get the warnings ! The problem is this command: ini_set('display_errors', '1'); I have not found this command in any other PHP-files. Are you absolutely sure you have this in your "normal" installation. It looks very much like something for debugging. Edited August 14, 2010 by VAZ2121 Quote Link to comment Share on other sites More sharing options...
celextel Posted August 14, 2010 Author Share Posted August 14, 2010 My Cache was turned off. I created the tmp directory (named it tmp and set permissions to 777), wrote the full path, and turned cache ON. Now I can see files begin to appear in my tmp-directory = It works. But I still get the warnings ! The problem is this command: ini_set('display_errors', '1'); I have not found this command in any other PHP-files. Are you absolutely sure you have this in your "normal" installation. It looks very much like something for debugging. Yes, we have this for debugging. You could remove it. cache is different. You have to set the full path in: Configuration > Sessions > Session Directory Quote Link to comment Share on other sites More sharing options...
VAZ2121 Posted August 14, 2010 Share Posted August 14, 2010 Yes, we have this for debugging. You could remove it. cache is different. You have to set the full path in: Configuration > Sessions > Session Directory OK, thanks, I will remove this line. (In your next upload to the "contributions", remove the line in the 3 files - so others don't get confused - like me :-) I have set the full path! It works fine. Everything works 100% now Thank you very much for your help. It's a great add-on (during the 4 days I have tried it, I have allready captured 2 intruders - and banned them). Thanks (again), you are doing a great job with this add-on. Quote Link to comment Share on other sites More sharing options...
brentmags Posted August 20, 2010 Share Posted August 20, 2010 Hi...i will soon see if this goes in the correct space, but have been reading through quite a few of these posts to find things similar and disimilar and copying and pasting code to see if it gets rid of the issue before me. i followed the installation process uploading i would believe to the correct locations. CMOD'd that folder and txt file, and under Step B - Admin number 5 all of this worked a charm, i.e. i see everything in admin/configuration and admin/tools with tables created in IP ban and PHPids log step C & D (incidentally run FWR Security Pro) so made sure that the code was correct in catalog/inculdes/application_top.php it was with the testing that i came unstuck. I entered both of the variables for both TEST 1 & 2 and when i pushed enter nothing changed. I still viewed my normal default cart screen or variables of it. In the process of following steps to make my cart safe i have in fact renamed my admin folder. I am assuming this (for i am NEW to this all) that this contribution can/does work with a renamed admin file? OR do i revert to calling it admin, reinstall the contribution and start again. my cart is 2.2 vRC2a running on php version 5.2.5 i am going through the process of securing my cart having read in a previous post that having PHPIDS, Security Pro, Site Monitor and htaccess codes are a good start (not too sure of what the htaccess codes are but one thing at a time) any help or guidance/direction would be greatly appreciated kiwidownunder Quote Link to comment Share on other sites More sharing options...
celextel Posted August 20, 2010 Author Share Posted August 20, 2010 step C & D (incidentally run FWR Security Pro) so made sure that the code was correct in catalog/inculdes/application_top.php it was with the testing that i came unstuck. I entered both of the variables for both TEST 1 & 2 and when i pushed enter nothing changed. I still viewed my normal default cart screen or variables of it. In the process of following steps to make my cart safe i have in fact renamed my admin folder. I am assuming this (for i am NEW to this all) that this contribution can/does work with a renamed admin file? OR do i revert to calling it admin, reinstall the contribution and start again. my cart is 2.2 vRC2a running on php version 5.2.5 any help or guidance/direction would be greatly appreciated kiwidownunder PHPIDS would work irrespective of the admin folder name as it does not access any of the files in admin. 1. Make sure you have done the following: Step-E: Testing Set the Show Intrusion Result value to true in the admin settings. 2. Make sure you do not have any XSS shield codes in htaccess file. 3. If you still do not see any result while doing the testing, you need to see in the admin whether any log entries are created for those test attacks. 4. Enable error reporting by adding the following codes to your index.php: error_reporting(E_ALL); ini_set('display_errors', '1'); at the top after <?php 5. If you get the following error message: Exception: PDOException: could not find driver You need to request your hosting provider to add PDO driver. You could give them the following info regarding this: Info regarding PDO driver is at the following URL: http://forum.php-ids.org/comments.php?DiscussionID=284 http://dev.mysql.com/tech-resources/articles/mysql-pdo.html PDO requires the object-oriented capabilities of PHP 5, so PHP 5.0 or higher is a prerequisite. The PDO extension ships with binary versions of PHP 5.1 and 5.2 and is very simple to implement on most operating systems. Compiling PHP from source is the one sure way to customize PHP to your exact specifications and ensure that you have not only PDO but also the drivers you need. However, the package managers of most current Linux distributions make it easy to add support—if it's not already there. Under openSuSE (10.2) for instance, the php5-pdo module provides support for PDO and the php5-mysql module provides the PDO driver for MySQL. If you are already using MySQL with PHP you already have the PDO driver. You only need check that you have the PDO module loaded. Quote Link to comment Share on other sites More sharing options...
♥altoid Posted August 23, 2010 Share Posted August 23, 2010 Hello, today I checked my banned IP page and found this IP: 127.0.0.1. It was banned by my system on 2010-08-21 at about 0230 hours. However on the PHPIDS log there was nothing corresponding to this, nor did I get an email notice about any type intrusion. I googled 127.0.0.1 and see it is something known as a loopback address. From what I read, this is basically something not to get worked up over. Some snippets of what I read are: 127.0.0.1 is a reserved IP address corresponding to the host computer. Known as the loopback address, 127.0.0.1 is used whenever a program needs to access a network service running on the same computer as itself. Anyway, I was wondering what, if anything to do with the IP now on my banned IP list. Thanks Quote I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can. I remember what it was like when I first started with osC. It can be overwhelming. However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc. There are several good pros here on osCommerce. Look around, you'll figure out who they are. Link to comment Share on other sites More sharing options...
celextel Posted August 23, 2010 Author Share Posted August 23, 2010 Hello, today I checked my banned IP page and found this IP: 127.0.0.1. It was banned by my system on 2010-08-21 at about 0230 hours. However on the PHPIDS log there was nothing corresponding to this, nor did I get an email notice about any type intrusion. I googled 127.0.0.1 and see it is something known as a loopback address. From what I read, this is basically something not to get worked up over. Some snippets of what I read are: 127.0.0.1 is a reserved IP address corresponding to the host computer. Known as the loopback address, 127.0.0.1 is used whenever a program needs to access a network service running on the same computer as itself. Anyway, I was wondering what, if anything to do with the IP now on my banned IP list. Thanks Banned IP module also functions as a stand alone module. Perhaps it has banned you when you were trying to access one of its protected folder. This might also happen when you use SiteMonitor. Just leave that IP in the db and make it allowed so that it would not ban you again. Quote Link to comment Share on other sites More sharing options...
♥altoid Posted August 23, 2010 Share Posted August 23, 2010 Banned IP module also functions as a stand alone module. Perhaps it has banned you when you were trying to access one of its protected folder. This might also happen when you use SiteMonitor. Just leave that IP in the db and make it allowed so that it would not ban you again. I will do that. Thanks for the assistance. Quote I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can. I remember what it was like when I first started with osC. It can be overwhelming. However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc. There are several good pros here on osCommerce. Look around, you'll figure out who they are. Link to comment Share on other sites More sharing options...
booker3672 Posted August 28, 2010 Share Posted August 28, 2010 Great add on!! quick question...when a customer checks out there ip address its being reported as a intrusion..is this normal? Quote Link to comment Share on other sites More sharing options...
♥altoid Posted August 28, 2010 Share Posted August 28, 2010 Great add on!! quick question...when a customer checks out there ip address its being reported as a intrusion..is this normal? Since I installed this add on, the only time a customer checkout was flagged as an intrusion was when the customer added text to the checkout with the size he wanted, I think it was XXS (for extra extra small), plus a number and name to go on the product. I took it that the unusual combination of letters and numbers, all legitmate though, was read as a potential intrusion and that's why it was flagged. I chose to ignore that flag. Quote I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can. I remember what it was like when I first started with osC. It can be overwhelming. However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc. There are several good pros here on osCommerce. Look around, you'll figure out who they are. Link to comment Share on other sites More sharing options...
celextel Posted August 29, 2010 Author Share Posted August 29, 2010 (edited) Since I installed this add on, the only time a customer checkout was flagged as an intrusion was when the customer added text to the checkout with the size he wanted, I think it was XXS (for extra extra small), plus a number and name to go on the product. I took it that the unusual combination of letters and numbers, all legitmate though, was read as a potential intrusion and that's why it was flagged. I chose to ignore that flag. Yes, some comment strings were reported as intrusions. We need to ignore them. You could also include those variables under exclusions. Edited August 29, 2010 by celextel Quote Link to comment Share on other sites More sharing options...
midwestalice Posted September 17, 2010 Share Posted September 17, 2010 I'm having trouble with this 4. Upload this "phpids" directory to the osCommerce catalog/includes/ directory. If you upload this to some other directory, you need to change oscBasePath to this path in the includes/modules/osc_phpids.php file. I found the oscBasePath in that file, but I'm not sure what I change it to. This is what it is before the change. do I change phpids/lib to something? I do not have a catalog folder. My main directory is in the public_html/dir folder...so, do I put it in that folder? It looked like most people don't put it there. So, where would I put it? Thanks! $oscBasePath = DIR_WS_INCLUDES; $basePath = $oscBasePath . 'phpids/lib/'; $mail_from_name = STORE_NAME; $mail_from_email = STORE_OWNER_EMAIL_ADDRESS; $mail_from = 'From: ' . $mail_from_name .'<' . $mail_from_email . '>'; $mail_recipient = array(STORE_OWNER_EMAIL_ADDRESS, SEND_EXTRA_ORDER_EMAILS_TO); $mail_subject = 'PHPIDS detects an intrusion attempt at ' . $_SERVER['HTTP_HOST']; Quote Link to comment Share on other sites More sharing options...
celextel Posted September 18, 2010 Author Share Posted September 18, 2010 (edited) I'm having trouble with this 4. Upload this "phpids" directory to the osCommerce catalog/includes/ directory. If you upload this to some other directory, you need to change oscBasePath to this path in the includes/modules/osc_phpids.php file. I found the oscBasePath in that file, but I'm not sure what I change it to. This is what it is before the change. do I change phpids/lib to something? I do not have a catalog folder. My main directory is in the public_html/dir folder...so, do I put it in that folder? It looked like most people don't put it there. So, where would I put it? Thanks! $oscBasePath = DIR_WS_INCLUDES; $basePath = $oscBasePath . 'phpids/lib/'; $mail_from_name = STORE_NAME; You need not change anything here if you upload "phpids" to the includes directory. includes directory could be either under the catalog folder or directly under the website root. If you upload this to some other directory, you need to change the $oscBasePath value to the new path. Example: $oscBasePath = '/public_html/'; Do not make any other changes. Edited September 18, 2010 by celextel Quote Link to comment Share on other sites More sharing options...
♥altoid Posted October 16, 2010 Share Posted October 16, 2010 Question on alerts, I had two alerts yesterday as follows: REQUEST.BCSI-ACP COOKIE.BCSI-ACP Both for the same URL I googled this and went to a post at the PHPIDs site, but the discussion was too technical for me to understand exactly what PHPIDS was flagging out. One poster said to another that type of alert was could be ignored. Can you tell me why those actions were being flagged out by PHPIDS? The impact level was 7. Thanks Quote I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can. I remember what it was like when I first started with osC. It can be overwhelming. However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc. There are several good pros here on osCommerce. Look around, you'll figure out who they are. Link to comment Share on other sites More sharing options...
celextel Posted October 16, 2010 Author Share Posted October 16, 2010 Question on alerts, I had two alerts yesterday as follows: REQUEST.BCSI-ACP COOKIE.BCSI-ACP Both for the same URL I googled this and went to a post at the PHPIDs site, but the discussion was too technical for me to understand exactly what PHPIDS was flagging out. One poster said to another that type of alert was could be ignored. Can you tell me why those actions were being flagged out by PHPIDS? The impact level was 7. Thanks You could ignore this as the impact score is not on the higher side. Some of the intrusion alerts by PHPIDS may not be actual intrusions. PHPIDS has got its own parameter for flagging certain requests as intrusions. We need to verify each of them. Quote Link to comment Share on other sites More sharing options...
♥altoid Posted October 17, 2010 Share Posted October 17, 2010 You could ignore this as the impact score is not on the higher side. Some of the intrusion alerts by PHPIDS may not be actual intrusions. PHPIDS has got its own parameter for flagging certain requests as intrusions. We need to verify each of them. Thanks for the follow up and I will ignore that alert. This was a new type of alert for me, so I was not sure. Thank you. Quote I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can. I remember what it was like when I first started with osC. It can be overwhelming. However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc. There are several good pros here on osCommerce. Look around, you'll figure out who they are. Link to comment Share on other sites More sharing options...
CotswoldEngraver Posted October 29, 2010 Share Posted October 29, 2010 First of all thanks for a great contribution. Installed the contribution ok and ran the installer script. I have an issue when testing. I have performed test one ok without issue. The test has completed and my ip logged. I cannot perform test 2. When i put the code into the main catalogue url i get the following error. Internet Explorer cannot read this webpage format a 406 page error is generated. I have checked the code incase i have misplaced anything but it all seems ok. Any help would be much appreciated Regards Andy Quote Link to comment Share on other sites More sharing options...
celextel Posted October 29, 2010 Author Share Posted October 29, 2010 First of all thanks for a great contribution. Installed the contribution ok and ran the installer script. I have an issue when testing. I have performed test one ok without issue. The test has completed and my ip logged. I cannot perform test 2. When i put the code into the main catalogue url i get the following error. Internet Explorer cannot read this webpage format a 406 page error is generated. I have checked the code incase i have misplaced anything but it all seems ok. Any help would be much appreciated Regards Andy Enable error reporting in your index file and see as to what error message you are getting. If you get the following error message: Exception: PDOException: could not find driver Then PDO driver file is missing in the configuration. You have to request the web hosting provider to enable this. Info regarding this are at the following URL: http://forum.php-ids.org/comments.php?DiscussionID=284 http://dev.mysql.com/tech-resources/articles/mysql-pdo.html Quote Link to comment Share on other sites More sharing options...
RafaAlepuz Posted November 17, 2010 Share Posted November 17, 2010 Hi, I have installed the PHPIDS version 1.6, when I have finished installation and can't entry in my website. It display the next message: " This page is not redirecting properly Firefox has detected that the server is redirecting the request to this address in a way that will never end. This problem is sometimes caused by disabling or refusing the receipt of cookies. " When I set to False the option 'PHPIDS Module' I work fine. That is, that I can go to my website. Why? Thanks!! Rafa Alepuz Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.