                                SiteMonitor
                         by Jack York (aka Jack_mcs)
                         www. oscommerce-solution.com

This contribution was developed for, and tested on all osCommerce 
versions as well as with php 7.3.  

PURPOSE
------------
If someone is able to hack into your site, they can alter your files
and database which can allow them to obtain your customers information
or other important information regarding your shop. I've seen this happen
many times, thus the genesis of this contribution. This contribution
will create a record of your files so that they can be checked at a later
date. If any file has been added or deleted, or the size, timestamp or 
permissions changed, an email is sent to the shop owner listing those 
changes. The script can be ran manually, but the best way to run it is to 
set up a cron job so that the files are checked automatically on a daily 
basis. It also has the option to check for known hacker-type code. Any 
files found with suspicious code in them will be displayed. It is up to 
you to determine if the files are listed because they have been hacked 
or not. This option just gives you a place to start looking. It is highly
recommended that you get a complete backup of your shop on your computer.
This makes finding and fixing problems much easier.

WANT IT DONE FOR YOU?
Order the installation and have SiteMonitor installed and working
within 24 hours. This includes assistance with setting it up:
http://www.oscommerce-solution.com/site-monitor-p-669.html
Use the coupon code sitemonitor_discount and save 5% off of the cost
of installation.

INSTALLATION
------------
Step 1: Copy all of the files included in the admin directory of this 
        contribution to the admin directory of your shop. Only files
        intended for this contribution will be overwritten. If your
        shop is V2.3.4, Frozen or Phoenic, go to step 5.

--------------------------------------------------------------------------
Step 2: For non-module-capable shops (before 2.3.4), add the following 
        to admin/includes/languages/english.php anywhere before the last ?>

// sitemonitor text in includes/boxes/sitemonitor.php
define('BOX_HEADING_SITEMONITOR', 'SiteMonitor');
define('BOX_SITEMONITOR_ADMIN', 'Admin');
define('BOX_SITEMONITOR_CONFIG_SETUP', 'Configure');
define('IMAGE_EXCLUDE', 'Exclude');

--------------------------------------------------------------------------
Step 3: If your admin/includes/column_left.php,
  
ADD ( before the last ?> )   

  include(DIR_WS_BOXES . 'sitemonitor.php');

--------------------------------------------------------------------------
Step 4: Go to admin->Sitemonitor->Configure, setup the various settings and 
        click Update.

--------------------------------------------------------------------------
Step 5: Go to admin->Sitemonitor->Admin and click the top button. A message should
        be displayed saying that the file was ran for the first time. Then click
        on the second or third button to actually run a test. A "No mismatches found" 
        message should be displayed. If not, something is wrong with the installation. 

--------------------------------------------------------------------------
Step 6: Optional, but highly recommended: TO RUN AS A CRON JOB: See below.


That's it. When the script is ran, either manually or via cron, any 
differences will be emailed to you. Please be sure to read the Usage Notes
below before running SiteMonitor.


***************************** OPTIONAL CRON *********************************
*****************************************************************************

If you don't want to have to run it each time to check for differences, you can 
setup a cron job to have the script ran automatically. This is not required but 
is the preferred way. The following explains how to do this. Your host has to 
have this feature enabled.

To set up the cron jobs, add the following as the cron command to run the normal
file check code:

 php /home/username/public_html/catalog/admin/sitemonitor.php X

The above won't work for all hosts so try this format in that case;

 php /home/username/public_html/catalog/admin/sitemonitor.php?instance=X

where X = the number of the sitemonitor configure file to be used.

To run the hacker checking code, create another cron job using this:

 php /home/username/public_html/catalog/admin/sitemonitor_hacker_cron.php

Note that you need to change username to your username and the path to the 
sitemonitor.php file must be correct. If the above commands don't work with 
your server, please ask your host for the correct syntax.

When creating the cron job, there should also be settings for Minute, Hour, 
Day, Month and Weekday. If you place an asterisk (*) in these fields, then 
it means any time at all.  If a number is placed in that field, it means 
just that one time. For example, if you place a 10 in the minute field and 
a * in all of the other fields, the job will be ran every hour of every day 
at 10 past the hour.  Now, if you replace * in the hour field with a 12, 
the script will be called everyday at 12:10. The cron job should be ran at
least once a day.

In my experience with hacker changes, they seem to prefer changing the files in 
the early morning hours (2 - 5 AM) so I suggest running the cron job around 
5 or 6 AM. When they will make changes is, of course, unknown, but the closer you 
can get to it, the less time the changed files will be on the server. You can run
more than one cron job to reduce that even further if you want. But that increases
server load so you have to decide which is best in your situation. 


*********************** OPTIONAL VERSION CHECKER ****************************
*****************************************************************************

Install the Version Checker addon (included in the VersionChecker directory).
This is not required but wit ill allow you to see if there is a new version
of this addon available at a glance. It will also prevent some warnings from
appearing in the code.


****************************** USAGE NOTES **********************************
*****************************************************************************
- Before running SiteMonitor, go to admin->Catalog->Manufacturers and 
  admin->Localization->Languages and make sure all entries there are valid. If
  there are entries that do not belong, they will need to be deleted. But before
  doing that, select each one and look at the name of the image it uses. Then
  check your images to be sure that image doesn't exist. if it does, it needs to 
  be deleted.  

- If the script times out when first ran, it is probably due to a large number
  of files in your account and/or a server with a load timeout value set. To
  get around that, change the url to
  http://YOUR_DOMAIN_NAME/YOUR_ADMIN/sitemonitor_configure_setup.php?override=1
  and press enter. That will allow the configure section to load so that more
  files can be excluded.

- If SiteMonitor will only run if you exclude directories and you want to check
  all of them, use the "instance" option. Think of an instance as a separate
  job to run. In the Configure section you can setup any number of instances,
  each with its own set of rules. In the Admin section, you can select which
  instance to run (see above for setting up a cron job for different instances).
  Using this method of multiple instances, you will be able to monitor all of
  your files.

- The hacker test lists files that "may be" hacked files. The hackers use
  code that legitimate in some oscommerce files so it is not possible to say
  for sure if the file found is infected or not from within the program. If
  you are in doubt, compare your file with a known good one.

- In general, a hacker will usually add their code at the very beginning (first
  or second line) or the very end (last line) of a file. That is because if they 
  add it in the middle, they can't be sure it will work since the code they insert 
  it into may be conditional code. This isn't a hard and fast rule but it is almost 
  always the case, in my experience. So if you see a file in the hacker test list 
  and the line number is greater than 2 and less than the total number of lines in
  the file (you would need to click on the file name to verify that), then the file
  is probably OK.
  
- Most hacking attempts seem to occur in the early morning hours (2 Am to 5 AM). 
  This is not, in any way, a rule since hackers can attack at any time. But it seems 
  to be the case the majority of the time. So I suggest setting up the cron job to 
  run around 6 AM in the hopes of catching any changes closer to when they occur.

- If SiteMonitor won't work, it may be that you are getting some error that your host
  isn't reporting. To try and override that, find this line in admin/sitemonitor_admin.php

     $handleErrors = false;

  and change it to

     $handleErrors = true;

- If a message is displayed that says your images directory is not protected, 
  download the latest version of oscommerce and copy the .htaccess file in its
  image directory to your images directory to fix that.


************************ WHAT DO THE WARNINGS MEAN **************************
*****************************************************************************
When you are on the SiteMonitors Admin page, you may see one, or several of 
the following warnings. See below for their meaning. 

- "Your admin name is admin. That should be changed." All hackers familiar with
  oscommerce know the default name for the admin is admin and that is where 
  they start trying to get in. Renaming it will help secure your shop.

- "The file_manager.php file in admin is a security risk. It should be deleted."
  The file manager file is a known security hole and should be deleted. 

- "Database tables have changed." Hackers will add fields to a database for a 
  back way in. SiteMonitor will let you know if they have been changed (only two
  tables are currently monitored.

- "Your images directory is not protected by a .htaccess file." Another favorite 
  entry point of the hackers is images directory. It needs to be protected.

- "Your images directory contains non-image type files which is, generally, not correct."
  The images directory should never contain php or txt files. This warning is 
  saying it found at least one of these in your images directory. It should be
  removed.

************************** IMPORTANT NOTES **********************************
*****************************************************************************
1) There is a place in the configure file to load the username and password of
admin. This is needed in order to allow curl to be used. But if the configure
page is filled in while on a non-secure page, it is possible for someone to 
obtain that login information. Using curl is not required unless your server
won't allow fopen to be used. In that case, you should enable ssl for your
admin so entering this information is safe. Otherwise, the curl options in the
sitemonitor_configure.php file can be ignored (set to blank spaces).

2) Do Not set the quarantine option when first setting SiteMonitor up. Doing
so may cause all of your files to be quanrantined.


*****************************************************************************
If you have any problems or questions, please see the support thread at:
http://forums.oscommerce.com/topic/221438-sitemonitor/
