Joomla! Discussion Forums

Which files are being reported modified?

Hello,

I uploaded your tool and get this error message:



(line 102 = $content = file_get_contents($path . 'globals.php'); )


My error in trying to install JOOMLA yeilds this:



Any help or feedback appreciated!

Rusty

What version of php is your server running?

file_get_content is in php for quite a while now.

I'm running PHP 4.2.2.

Could it be that I've got global variables turned on?  I think I had to request our server admin to do that quite a while ago to allow some kind of open source image software to run.

That's a very old version of php (and therefor it's not working).
Can you update php to a more recent version?

Hi,  -- agreed, 4.2.2 is not the latest.  but as far as I know, Joomla requires 4.1.2.

Being old and therefore, "not working" ... ?  This version of php works fine for installations of PHPBB, PHPLIST, and on and on.  Not sure why it's "not working" for Joomla, if Joomla requires 4.1.2 ...?

I have a little bit of confusion regarding which versions of Joomla to download.  They say 1.0.12 is the latest stable version, yet the download links lead only to downloads of "stable patch package" which suggests a "patch" that upgrades a "full versoin" prevoius install.

I'm not sure why communication is not simple and clear here.  Is this version I've downloaded (1.05 meg ("Joomla_1.0.0_to_1.0.12-Stable-Patch_Package.tar.gz") a FULL VERSION or a PATCH?  If it is an upgrade patch, where do I get the complete vesion?

Anyway on this page: http://help.joomla.org/content/view/108/62/  ... it says I only need PHP 4.1.2.  So, still no explanation of fatal error on install ...??

I was only talking about the reason why Joomla Diagnostics won't work on your installation
The function file_get_contents only exists since php 4.3.0

If I was you, I still would update to a more recent version of php, a lot of security fixes have been done since the version you are running.

Joomla has a few libraries that it can call to make it work on older version as well. Will have a look at including those into Joomla diagnostics as well.

I'm not a Unix geek so there must be something more simple but this one works to build the file :

cd to your local Joomla folder and type the following line



explainations :

find . \! -type d  <--get file list without directories
-exec md5  {} \; <-- then apply md5 to each file
cut -f 2,4 -d ' '  <--remove the = sign
cut -f 2 -d '('    <--remove the opening parenthesis
sed -e 's/) / /g'  <--remove the closing parenthesis
tr " " "\t"          <--replace space with tab
sed "s/^.\///g"  <--remove the leading ./
>fileliste3.txt <--put result in filelist.txt

change filelist.txt to whatever you need (i.e. Joomla version as the naming scheme in joomla_1.0.8.txt)

Hope this helps.


Vartan

Or just use the build in generation tool
As described here: http://forum.joomla.org/index.php/topic ... #msg311635

UPDATE: I got my answer. I had to refresh without using the cache. My bad! Thanks everyone!

------------------------ >>>>
Great tool!!!! I'm installing Joomla myself on godaddy (using the godaddy manual listed on the forum). I'm installing Joomla in a sub directory. I get a Error 404 page when it tries to call lovekungfu.com/newfu/installation/index.php even though the file is on the server.

Here's the error I'm getting from the diagnostics tool...
(located at http://www.lovekungfu.com/newfu/diagnostics.php)

Error  Filename  Type
SECURITY /home/content/d/1/c/d1cedbee4q/html/newfu/includes/Cache/Lite.php File does not contain _VALID_MOS.
SECURITY /home/content/d/1/c/d1cedbee4q/html/newfu/includes/domit/xml_domit_rss_shared.php File does not contain _VALID_MOS.
SECURITY /home/content/d/1/c/d1cedbee4q/html/newfu/includes/phpmailer/class.phpmailer.php File does not contain _VALID_MOS.

So the files are uploaded correctly right?

The "Read More" was blank. Any suggestions?!!!

You guys are great!
Thanks,
Mark
mark@lovekungfu.com

Thanks for a great tool - saved my bacon!
Transfered my site to a new host and couldn't work out why the site was only half working until I ran this little beauty which showed me about 20 files that must have corrupted on the upload.

Thanks heaps
Simon

What is the resolution if you get an error message that says,

File is corrupted or has been altered

What is the resolution if you get an error message that says,

File is missing
(The files are in the directories this tool lists)

When I ran this tool on the server I ftp'd from there were no errors.

Pete

Just take the files from Joomla 1.0.x stable and overwrite the ones on the server.

I forgot to mention that I had transferred sites from one hosting company to another..

I tried ftp in binary and ascII, ascII ifixed a lot of problems but I am getting these errors at this point,


...about 25 of these

File does not contain _VALID_MOS. Read more


...and on one that says

MISSING /usr/local/apache2/sites/websiteroot/ File is missing

Thanks,
Pete

Hi there,

Someone recommend me your tool http://forum.joomla.org/index.php/topic,144949.0.html to troubleshoot a problem I had with Joomla. http://www.airlibre.eu is now back online, but I'm still getting a sh*t load of error messages (http://www.airlibre.eu/diagnostics.php ) with JoomlaDiags.
I suppose this is because I'm using the official French version of Joomla and therefore the hashes are not the same as for the English copy?

• Could you confirm this is the case (errors are due to french version)
• Is there a way I could adjust your tool for the french copy?

Thanks in advance and have a nice day

FT

[MOD note: Only exact URLs allowed, see Forum Rules: http://forum.joomla.org/index.php/topic,65.0.html - pe7er]

If you have a French version, where the Joomla administrator back-end is translated into French, the files are not original and do not correspond with the hash contol values in the .txt control file. You will need to have a control file with the hashes for your French copy, but I don't think that it exists....

You can make your own hash file by using something like the following on a FRESH copy of Joomla! (FR) and then run the diagnostic against your production version.

This will give you an output of any of the differences between the released core and your production version at least, but the French language changes may still produce some "false positives"


  Build Generation Tool
    http://forum.joomla.org/index.php/topic ... #msg311635

  Command Line Build Technique
    http://forum.joomla.org/index.php/topic ... #msg635423

great it is very help me to manage file.

Hi Folks,

I ran the tool locally (JSAS) and got just 3 messages... the explaining was clear but what do I do with it?

defined( '_VALID_MOS' ) or die( 'Restricted access' );

If a file doesn't include it, Joomla Diagnostics will display a warning after checking a few conditions first (to remove most false positives).

Error  Filename  Type
SECURITY W:/www/emuisnl/includes/Cache/Lite.php File does not contain _VALID_MOS.
SECURITY W:/www/emuisnl/includes/domit/xml_domit_rss_shared.php File does not contain _VALID_MOS.
SECURITY W:/www/emuisnl/includes/phpmailer/class.phpmailer.php File does not contain _VALID_MOS.

What and do I need to add or change something?


Regards and cheers!
Muis.

You can ignore those...

(Technical background: The code in those files are included in so called "classes" and not directly executed.
Therefore the missing _VALID_MOS errors cannot do any harm in those files).

dank je wel!

i tried your diagnostics program and it was really simple to use and worked fine. my only problem is teh same thing a few people mentioned, it i sshowing up as all files have some sort of error or there is warnings, security and tons of missing files. i am at my wits end here. i am getting a bunch of ....... (can not use the words I want to say here) hacking into my server and using it for DDOS and IRC stuff. It has happened many times and I do not know what I am suppose to do about it. I have tried everything to secure my server and sites but still it keeps happening.
can you please tell me what I am doing wrong and why your diagnostics is showing all these errors and missing files. it even does this on a fresh joomla 1.0.12 install. please help. Also, how can I secure my server and joomla sites from these hackers using it to save bandwidth on their own sites?
Also websmurf you seem to have a ton of knowledge in this area, i would like to speak to you via email or phone if possible, maybe we could work something out in the way of you securing my server, if this is something you may be interested in. Email me at steve at mad.ca or phone 905-824-2202.
Thanks
please advise
Steve

The Security Forums and several  Sticky Posts cover a huge amount of information regarding Security Issues and Potential Resolutions, please refer;

  Security Announcements
  Security Forum
  Joomla! Admin's Security Guide
  Security FAQ's Index
  3rd Party Security Forum

Security concerns or bugs may also be reported within the Quality and Testing Work Group Forum, in the event that a major or serious security issue is found by developers or end-users, they may also reach the "Security Response Team" via the Developer Site,  Reporting Security Issues.

In addition to the above information, you may also find the following tools of interest;

As you are already aware;
Joomla! Diagnostics by WebSmurf
  This tool will compare your existing installation against a known good file list of Joomla! and highlight any missing, potentially corrupt or modified files, as well as providing some security related tests.
  Joomla! Diagnostics Home
  Joomla! Diagnostic discussion

Maybe a new tool you are not aware of;
Joomla! Tools Suite by the JTS Team
JTS provides a host of Joomla! site and server security configuration advice (based on HISA), embedded version of Joomla! Diagnostics,  including several maintenance tools such as Permissions, installed Extensions and DB optimisation.
Joomla! HISA
HISA is a single script, StandAlone Joomla! Pre- and Post- Installation Health, Installation and Security Audit tool.
  Joomla! Tools Suite Home
  Joomla! HISA Home
  JTS and HISA Discussion
 
  Several other tools may also be found on the Joomla! Extensions site in the "Tools" section.

As far as I am aware, at this current time, there are no known Security flaws within the Joomla! v1.0.12 release. I hope the above information will ease any Security concerns that you may have and provides you with access to relevant and useful information and tools.

As for conrinuing to be exploited, potentially this is "from inside" maybe on a previous exploit something has been left on the server, which is normal cracking practice, which has not been cleaned, thus they are actually never completely irradicated from you server in the first place.

Hello Websmurf,

I installed your tool and it works fine but as newbie I have no back-up of my site and before I change anything I wonder if you could take a look at the result.

http://emuis.nl

Got lots of warnings and errors..... I had a problem with my tiny editor and thats why I installed JSE editor.
Reason I diagnostics with your tool is because (short topic) http://forum.joomla.org/index.php/topic,168221.0.html


hope you'll find some time.
Greetings
Muis

ps. can I install Joomla! locally and upload the missing and corrupted file's without disabling my site beyond revovery

what version of Joomla are you running? and which version of diagnostics are you using?
Are there certain functions disabled on your server? It seems to me there are just to many files highlighted to be good..

the latest, Joomla! 1.0.12 Stable
and the diagnostic tool downloaded from this topic..
should I get this one?
http://www.joomla-addons.org/option,com ... id,23.html

just changed the file's on my server... joomla! 1.0.8.txt to 1.0.12.txt changed it together with diagnostic.php

now everything seems to me allrighty, I continue with my problem... with the latest news module.
(can't link it to the top menu in the site module link bar because those possibilities are missing.
Only home, personal and business appear. So wierd it's out of the box joomla, i didnt do anything. It wasn't me)

it was you who made sure that I am looking in the right place now

Great tool and tx's very much for you're assistance

Regards,
Muis

problem solved

For the same error i had to spend hours and hours reinstalling , uploading hundreds of joomlys ( joomla files ) 
Please update the tool , it will save time of thousands of new B's like me. Thanks for the corns anyways, 

Hi everyone,
Im going crazy with some problems in my site. Im wondering if anyone can help me out explaining how to upload and run the diagnostics tool.

My problems:
1. this message is appearing in pages like: FAQ, Articles, content pages in general. Warning: Missing argument 12 for showcontentlist() in /home/cwlmdaqq/public_html/portada/components/com_content/content.html.php on line 28
2. Everything is set to public but when trying to access a full article after reading the intro it asks me to sign in.

If anyone can help me out would be very very much appreciated.
Thanks a lot.
Rafael

Hi guys,
Im very worried after running the diagnostics tool. At leat 200 errors or more came up.
My site works fine except for two problems that i have. How can i have so many errors.
If I have that many errors and missing files what should I do?
My site is visites by many people everyday and new members signin in everyday. I dont know what to do....
Please help me out
Thank you very much
Rafael

always name your site... put in a link etc. etc  etc.
if site don't work leave also
version, server, what have you done before.. etc etc  etc.



your first problem, you solved yourself... do not post to quickly... you can do it!

ps. I got most of the answers by reading... I'm always sure that my problems wasn't unique, somebody must have countered it before me.....


I am a newbie.... and every file you edit, diagnostic tool will let you know. It doesn't mean somethings wrong. See yourself http://emuis.nl/diagnostics.php

good luck

Muis