Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#13 2010-11-12 00:26:37

maverick
Member
From: Southeastern Michigan, USA
Registered: 2005-01-14
Posts: 975
Website

Re: smd_prognostics: monitor your Txp installation for suspicious activity

Stef

I installed it on one of my mulit-sites. When I go to the file panel, it appears I now have access to the files in all of the sites that are in the sites folder. Is this intended behavior?

Thanks

Mike

Offline

#14 2010-11-12 00:55:27

maverick
Member
From: Southeastern Michigan, USA
Registered: 2005-01-14
Posts: 975
Website

Re: smd_prognostics: monitor your Txp installation for suspicious activity

Another issue that probably relates to being multi-site – the link in the alarm emailed to me doesn’t point back to the admin panel. (admin.domain.com)

Instead it was:

a href=“http://www.domain.com//index.php?event=smd_prognostics&step=smd_prognostics_ack&smd_prognostics_suppress=1”>Acknowledge alarms

Last edited by maverick (2010-11-12 00:55:47)

Offline

#15 2010-11-12 00:58:28

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 10,568
Website GitHub

Re: smd_prognostics: monitor your Txp installation for suspicious activity

maverick wrote:

When I go to the file panel, it appears I now have access to the files in all of the sites that are in the sites folder. Is this intended behavior?

Short answer: I don’t know as I’ve never tried multi-site :-)

Long answer: it just does a recursive listing of every file below the given path(s) in File locations, so check the path there. If there’s no trailing slash it could be that it’s picking up everything at that level and below *shrug*. If it’s causing problems in multi-site you can try listing each site (comma-separated) in the File locations field. e.g. /path/to/site1/, /path/to/site2/, .... That might cut down your files list a bit. Or put the plugin on each site and monitor them all separately (which might be preferred in terms of speed), pooling the checksums files in a central dir just outside the docroot of your core install. Use the Unique prefix option for this so your checksums files don’t clash.

I’m working on speeding the plugin up a bit. Each time the timeout period has been met and the plugin determines its time to check the files, it reads the entire contents of each file you are monitoring, calculates its checksum and compares that against the stored checksum. If you have a lot of files or some large files in your monitor list, it adds to the processing time and slows your site down (admin-side and/or public side depending on the settings). For this reason, only monitor what you really need to monitor and ignore stuff you can live without or that you don’t care about too much.

I’ve not quite got my head round how this plugin should operate in a multi-site environment. Multiple databases, multiple content paths (files, images, etc) but only one set of core files, right? Do you still log into each site separately? Guess you must do. So do you install this plugin on each site separately? I guess you should do. From my (possibly misguided) five-minute think over this, I reckon the best way to run it might be one smd_prognostics per site to cover that site’s files (images, files, whatever) and then nominate one of the sites to also monitor the core files. No need to monitor the core files from all of them.

Any of that make sense? If you have any thoughts on how the plugin coiuld be improved in multi-site environments then please let me know. I’ll see what I can do to simplify things.

EDIT: yah nuts. Yeah it uses hu to return the path to the sitefor acknowledging alarms which I believe is wrong in multi-site. Hmmm. Needs some thought.

Last edited by Bloke (2010-11-12 01:00:01)


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#16 2010-11-12 01:47:05

maverick
Member
From: Southeastern Michigan, USA
Registered: 2005-01-14
Posts: 975
Website

Re: smd_prognostics: monitor your Txp installation for suspicious activity

I’m away from the computer for the rest of the night but will try some of path suggestions when I get back.

Some things are duplicated. Some are not – like admin themes – but with the sym links it looks like the files of each them show up repeatedly. With the various sym links the files showing in the panel add up fast. As in several thousand.

That’s a lot to wade through to find the ones to monitor.

My other thought was more along privacy/security. It’s not an issue as long all the domains are for sites I run. But if I were to use it on an install powering multiple sites for various other people and they have publisher privileges it wouldn’t seem very private.

The solution may be individual installs.

Offline

#17 2010-11-12 02:07:30

maverick
Member
From: Southeastern Michigan, USA
Registered: 2005-01-14
Posts: 975
Website

Re: smd_prognostics: monitor your Txp installation for suspicious activity

If it would help your development I can give you a login to this multisite install. I use it as a sandbox and for a couple of personal sites – so no issues there.

Offline

#18 2010-11-12 18:53:17

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 10,568
Website GitHub

Re: smd_prognostics: monitor your Txp installation for suspicious activity

Thanks Mike, yes it might.

In the meantime, v0.12 is available. It’s highly recommended to upgrade to it and visit the Setup tab then Save you settings as there’s a new pref available. Features in this release:

  • Added file quantity check so you can now process your list of files in bite size chunks, meaning you can run it more often with fewer files each time
  • Fixed white screen of death on Files Save (binary files are now left unprocessed)
  • Improved performance

I’ve got it live on my site and it seems to be working now with public side clicks enabled. Hopefully that’s the end of the white screen of death on my site! Let me know how you get on.

Last edited by Bloke (2010-11-12 18:54:21)


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#19 2010-11-12 20:59:07

thebombsite
Archived Plugin Author
From: Exmouth, England
Registered: 2004-08-24
Posts: 3,251
Website

Re: smd_prognostics: monitor your Txp installation for suspicious activity

Bloke wrote:

2) checking a lot of files (around 700 of them). So perhaps the script is hitting some PHP resource limit or something on the public side due to the amount of other stuff going on (guessing the load is lower on the admin side)

Is that all Stef? When I first installed the plugin I was looking at around 3500 files! It didn’t seem to want to know when I tried to select all of them so maybe there are limits that it has to work within.

Anyway I figure that I shall have to be very specific about the folders and individual files I specify for the top level directory (thebombsite) and have separate plugins in each Txp install in sub-directories. I mention that in case other users have several sub-sites.

But other than that I haven’t encountered any problems. ;)

Oh and it looks great in Vitraux, including the help docs. :)

Last edited by thebombsite (2010-11-13 01:33:50)


Stuart

In a Time of Universal Deceit
Telling the Truth is Revolutionary.

Offline

#20 2010-11-13 01:32:27

thebombsite
Archived Plugin Author
From: Exmouth, England
Registered: 2004-08-24
Posts: 3,251
Website

Re: smd_prognostics: monitor your Txp installation for suspicious activity

From the Help file:-

The message delivered to you contains a link to the Acknowledgement page (which can also be reached by clicking the Alarms button from the Prognostics tab).

I did an SVN update and it sent me an email about the files that I had changed. OK so far. When I clicked on the contained link it simply took me to my site and not to admin. There was no “/textpattern/index.php” included in the link. I’m thinking that’s wrong.


Stuart

In a Time of Universal Deceit
Telling the Truth is Revolutionary.

Offline

#21 2010-11-13 09:08:28

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 10,568
Website GitHub

Re: smd_prognostics: monitor your Txp installation for suspicious activity

thebombsite wrote:

When I first installed the plugin I was looking at around 3500 files!

Oh my giddy aunt. Didn’t your admin side slow down at all? In versions prior to v0.12 it checked every file whenever the timeout was reached so you could be waiting a long time. Not to mention the fact that the Files tab will:

  1. take ages to load
  2. take forever to do a select all, in Firefox at least: click the top file, scroll to the bottom (if you have enough wafer-thin scrollbar to grab :-) and shift-click. In mine it goes back to the top and scrolls through the entire list, selecting each file as it goes. Very boring to watch. Dunno if there’s anything the plugin can do to help here (any ideas anyone?)

Anyway I figure that I shall have to be very specific about the folders and individual files I specify for the top level directory (thebombsite) and have separate plugins in each Txp install in sub-directories.

Yes. Depending how you set it up, you might be better off selecting a smaller quantity in the main site and then install prognostics to check the specific files in each sub-dir. It’ll be way more efficient and keep your sites nippy, especially if you also set a fairly small amount of files to check each click. You can still collect all checksum files in a single dir (use the Unique prefix option) so your sites don’t get cluttered with yet more files.

When I clicked on the contained link it simply took me to my site and not to admin. There was no “/textpattern/index.php” included in the link. I’m thinking that’s wrong.

Ah, right. Well caught. If your intrusion is detected on the public side there’s no ‘texpattern’ directory in the URL so the destination URL is wrong. I’ll need to address that, thanks.

btw, there’s also a slight bug in v0.12 on the Alarms panel. Even though your files are only checked in small batches everywhere else, on the Alarms panel it’s supposed to check them all so it always gives you a complete picture of what’s been changed. It’s not doing that at the moment. Not a show stopper, but slightly annoying. Simple one-line fix; I’ll issue a new version later.

Oh and it looks great in Vitraux, including the help docs. :)

I’m checking all my plugins on both Vitraux and classic now as standard ;-)

Last edited by Bloke (2010-11-13 09:10:11)


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#22 2010-11-13 15:19:54

hcgtv
Plugin Author
From: Miami, Florida
Registered: 2005-11-29
Posts: 2,721
Website

Re: smd_prognostics: monitor your Txp installation for suspicious activity

Upgraded to v0.12 on PHPXref, noticing a lag on a page where I have feeds supplied by SimplePie. The feeds page does display, but it takes about 10 seconds, where it should be displayed instantly, since the feeds are refreshed every hour via a cron job.

This site is running TxP 4.2.0, should I upgrade to 4.3.0?

Edit: A couple of sites are feeding slowly this morning, so it’s not the plugin.

Last edited by hcgtv (2010-11-13 15:42:58)

Offline

#23 2010-11-13 15:47:43

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 10,568
Website GitHub

Re: smd_prognostics: monitor your Txp installation for suspicious activity

hcgtv wrote:

noticing a lag on a page where I have feeds supplied by SimplePie.

Hmm, the plugin shouldn’t care about the content. In theory it just runs and quits. TXP 4.3.0 might help, but the only major difference is the fact that the prefs work nicer so I doubt that’ll help.

Questions:

1) How many files are you monitoring, out of how many overall?
2) What’s the plugin timeout value?
3) How many files per run are you processing?
4) Have you saved the prefs since you upgraded? The new setting won’t take effect until you Save
5) What priority is the plugin? Does it make any difference if you back it off a bit?
6) Is there anything else on that Page that you think might interfere? If you can post the code or any relevant form snippets it might help me figure out what’s causing this
7) If you disable the plugin does the page consistently load quickly?

Very odd behaviour in all. Will have to put me thinking cap on based on your findings from the above questions. Thanks in advance.

Edit after reading your edit: oh, ok. Must admit that the Internet is horribly slow here today. Think there may be some global DNS/router issues somewhere. It’s horrendous.

Last edited by Bloke (2010-11-13 15:48:57)


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#24 2010-11-13 16:35:23

maverick
Member
From: Southeastern Michigan, USA
Registered: 2005-01-14
Posts: 975
Website

Re: smd_prognostics: monitor your Txp installation for suspicious activity

maverick wrote:

With the various sym links the files showing in the panel add up fast. As in several thousand.

thebombsite wrote:

I was looking at around 3500 files!

Bloke wrote:

Oh my giddy aunt.

Ditto on Stuarts number — when I said several thousand, mine was 3546.

# take ages to load

Surprisingly, not as bad as you might think

  1. take forever to do a select all,

Keyboard shortcut to select all was speedy. However, selecting all led to the white page of death. Selecting a smaller amount of files worked okay.

thebombsite wrote:

When I clicked on the contained link it simply took me to my site and not to admin. There was no “/textpattern/index.php” included in the link. I’m thinking that’s wrong.

maverick wrote:

a href=“http://www.domain.com//index.php?event=smd_prognostics&step=smd_prognostics_ack&smd_prognostics_suppress=1”>Acknowledge alarms

Ditto – I noticed that even if I had used a traditional admin install (domain.com/textpattern), that “textpattern” was missing from the url (see above). Though my url did give the index.php

Bloke wrote:

EDIT: yah nuts. Yeah it uses hu to return the path to the sitefor acknowledging alarms which I believe is wrong in multi-site. Hmmm. Needs some thought.

Other plugins are running into the same issue

The “ihu” for hosting images on a subdomain is what made me wonder if creating another preference for the admin subdomain url would work.

Bloke wrote:

Thanks Mike, yes it might.

I have to take off again for a while, but I’ll set up a login and send it as soon as I get a chance.

Mike

Offline

Board footer

Powered by FluxBB