Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#85 2017-10-04 22:27:56

uli
Moderator
From: Cologne
Registered: 2006-08-15
Posts: 4,303

Re: smd_prognostics: monitor your Txp installation for suspicious activity

OK then

ruud wrote #307275:

For one week it’s not that much. Just keep everything up to date and ignore the attempts.

Well, OK, I thought it’s much as I look(ed) at every report email, after having silence for ages and everywhere else.


In bad weather I never leave home without wet_plugout, smd_where_used and adi_form_links

Offline

#86 2018-07-20 20:04:55

miles
Member
From: Plymouth
Registered: 2008-05-22
Posts: 78
Website

Re: smd_prognostics: monitor your Txp installation for suspicious activity

@bloke Is this plugin compatible with 4.7? I have installed it and made a few pref changes then I get blank screens on all the tabs, apart from the menu tabs at the top.

Desperate to use this plugin :)

Offline

#87 2020-10-24 23:39:47

gomedia
Plugin Author
Registered: 2008-06-01
Posts: 1,373

Re: smd_prognostics: monitor your Txp installation for suspicious activity

Hi Stef, not withstanding one rabbit-hole I’ve disappeared down today, here’s another strange one.

Recently I did some updates on the local version of my website and, in blissful ignorance, transferred everything to the live hosting thinking everything was fine. A while later I noticed a PHP parse error message on the live version.

After a bit of hacking around I discovered that if I disable smd_prognostics on the local site I see the PHP error message as well.

On both, the php.ini setting for display_errors is On. The local site’s production mode is Debugging, the live site is Live.

I know it’s not the hosting because when just using local site:

  • if smd_prognostics disabled, I see PHP errors
  • if smd_prognostics enabled, I only see PHP errors is Production Status is Live

I can see from the plugin code that smd_prognostics might be fiddling with the value of PHP’s display_errors, but can’t quite reconcile why or how it’s different when the Production Status changes.

Offline

#88 2020-12-14 01:13:29

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,250
Website GitHub

Re: smd_prognostics: monitor your Txp installation for suspicious activity

New version 0.5.0 released. This is for Txp 4.7.2 and higher, and is tested as far as 4.8.5 to date.

Main changes:

  • Use site URL correctly in language string notifications.
  • Fix max_input_vars being exceeded on Files save.
  • Fix the UI panels so they occupy the full width of the display.

The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#89 2020-12-14 01:20:47

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,250
Website GitHub

Re: smd_prognostics: monitor your Txp installation for suspicious activity

gomedia wrote #326550:

if I disable smd_prognostics on the local site I see the PHP error message as well.

Yeah, now this is where my lack of knowledge and copy-n-paste coding came into play. The class that does all the real-time protection / input validation / checking of dodgy SQL squeries / etc was lifted directly off an ancient Google Code repo, called PhProtector. That no longer exists and I’m not sure it’s even maintained anywhere else.

If you peruse its constructor you’ll see that if you pass false into it (as this plugin does) then it turns off error display, which will override everything. Since this happens whenever the plugin runs, both public and admin sides, it pretty much trolleys any error display.

I’m not sure why the original writer of the class did that. I just copied it, because it seemed like a good idea at the time. That may have been foolhardy. What we can do is test it by hacking out that check in the constructor so it just reads:

    public function __construct($show_errors)
    {
        ini_set('log_errors', "1"); //log_errors

        $this->do_xss = get_pref('smd_prognostics_xss', 0);
    }

If that works – and I expect it’ll be just fine – then I might as well just rip that out properly and remove the parameter too from the constructor and its call at the head of the plugin. I’m not even sure if we need to log_errors either. I guess that decision should be down to the system administrator rather than a plugin!

If you get a chance to try it, by all means do so. I’ll do some testing when I can too. Sorry for the hassle.

Last edited by Bloke (2020-12-14 01:21:48)


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#90 2020-12-15 22:56:49

gomedia
Plugin Author
Registered: 2008-06-01
Posts: 1,373

Re: smd_prognostics: monitor your Txp installation for suspicious activity

Bloke wrote #327479:

New version 0.5.0 released.

I’m a bit confused! I already had a version 0.5.0 installed – from a few weeks back. Is this an old new or a new new?

Also, in the admin tab:

- the “Check files …” radio is blank (sorry can’t remember if this was the case before or not)
- some of the labels need a bit of air between them and their inputs
- can’t see “Fix the UI panels so they occupy the full width of the display”

Offline

#91 2020-12-16 00:42:03

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,250
Website GitHub

Re: smd_prognostics: monitor your Txp installation for suspicious activity

Sorry yeah. 0.5.0 was never officially released even though I queued it up last year then forgot to push the button. So I had it installed and the version number updated in the repo but never actually made a tagged release. So I just snuck a few patches in last night under the same version number.

The “full width” thing you’d have noticed if you got an acknowledge action email. Clicking the link would take you to the acknowledge alarms page where the only visible portion of the UI was a tiny vertical sliver where the checkboxes reside on the left. I had the old 4.6 class names in the tables throughout.

And yes I need to fix up the prettiness of the setup panel. It’s always been bog ugly as I haven’t put many spaces in. I’ll tweak that and do patch release.

Weird about the check files radio. It’s supposes to default to one or the other. I’ll check that, thanks for the report.


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#92 2021-09-12 00:12:52

colin99
Member
Registered: 2005-11-15
Posts: 65

Re: smd_prognostics: monitor your Txp installation for suspicious activity

“Monitoring files

Clicking the Files button takes you to a screen with a textarea that allows you to choose the files you wish to monitor. A count of the current number of monitored files is shown at the top, along with the number of files available in your chosen file location(s). The following files will be in the list:”

Don’t see this — I did a screen grab of the admin page but I see no where to attach that image…

I am running 0.5.1.


On the World Wide Web since Day 1 – Editor/Creator – Coffeecrew.comCoffee.bc.ca
Twitter – Twitter.Com/CoffeeCrew -

Offline

#93 2021-09-12 00:27:34

colin99
Member
Registered: 2005-11-15
Posts: 65

Re: smd_prognostics: monitor your Txp installation for suspicious activity

Fixed! My paths were not quite right.


On the World Wide Web since Day 1 – Editor/Creator – Coffeecrew.comCoffee.bc.ca
Twitter – Twitter.Com/CoffeeCrew -

Offline

#94 2021-09-12 00:34:47

colin99
Member
Registered: 2005-11-15
Posts: 65

Re: smd_prognostics: monitor your Txp installation for suspicious activity

colin99 wrote #331573:

Fixed! My paths were not quite right.

Got a list of 647 files to monitor
Selected them all…
Press SAVE
404 page…


On the World Wide Web since Day 1 – Editor/Creator – Coffeecrew.comCoffee.bc.ca
Twitter – Twitter.Com/CoffeeCrew -

Offline

#95 2021-09-12 00:40:26

colin99
Member
Registered: 2005-11-15
Posts: 65

Re: smd_prognostics: monitor your Txp installation for suspicious activity

colin99 wrote #331574:

Got a list of 647 files to monitor
Selected them all…
Press SAVE
404 page…

OK – selected them in flower-arrangement bunches and it accepted that…
I try not to eat 1L of ice cream in one gulp so I guess TXP feels the same way…


On the World Wide Web since Day 1 – Editor/Creator – Coffeecrew.comCoffee.bc.ca
Twitter – Twitter.Com/CoffeeCrew -

Offline

#96 2021-09-12 09:55:39

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,250
Website GitHub

Re: smd_prognostics: monitor your Txp installation for suspicious activity

colin99 wrote #331575:

OK – selected them in flower-arrangement bunches and it accepted that…

I had to do this a few times which was why I tried to get round it with this patch, although that was primarily because there were more than 1000 files in the list.

It’s conceivable that the size of the payload in your case tripped some limit in php.ini or other server variable so, yes, saving them piecemeal is the sanest option, even if it is rather annoying.


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

Board footer

Powered by FluxBB