Given the rash of security issues that seem to be occurring, we have added a new 'action' to our EZ Admin Helper addon called 'Monitor files'. This function will monitor files on your site so you can see what's changed. I.e. new, removed or modified.
Setup to run daily with email output, you can easily review what files on your site are changing (some things in var excluded) so you can identify any malware that may be injected.
Documentation for the addon is located in pdf format here. And the product details page is here.
This addon is available for V3 and V4 sites only (PRO, ULTIMATE and MVE). If there is enough demand, we will consider porting it back to V2 since we believe it is an essential toolkit for any merchant.
A screenshot of a manual run of this file after removing the recommended payment files is attached.
1 vote here for porting back to version 2!
…is there a bit of a 'blackout' on the current security issue… if so, I understand why this might be prudent… I just wondered as I thought I would have seen mention of it on the forums by now
Can't address any 'blackout' issues. That would be a question for cs-cart. But I don't think any postings are being deleted.
We have gone ahead and made this addon available for V2 clients as well now. You can order it from here.
That's great news - I see it's available for version 2.2.x … would it be possible for you to port it back a little further, to version 2.1.4 for example - or is this not practical…? I for one would buy it immediately if it worked on this older CS.
Not practical due to the lack of fn_url functionality in versions earlier than 2.2.1 (I think that's the cut-over point).
We have added the following functionality to the EZ Admin Helper addon:[list]
[]Reset user passwords (1 click) - forces users to change their passwords next time they login
[]Change the admin url to a new name (changes config.local.php, the registry and the actual file name used)
[/list]
We also cleaned up the output a bit for the cron jobs ensuring that html is decoded in the mail template so things like filenames come out one per line versus all on one long line.
Addon documentation is available here.
[quote name='tbirnseth' timestamp='1401499257' post='184719']
We have added the following functionality to the EZ Admin Helper addon:[list]
[]Reset user passwords (1 click) - forces users to change their passwords next time they login
[]Change the admin url to a new name (changes config.local.php, the registry and the actual file name used)
[/list]
We also cleaned up the output a bit for the cron jobs ensuring that html is decoded in the mail template so things like filenames come out one per line versus all on one long line.
Addon documentation is available here.
[/quote]
Will the add-on automatically update or do we need to download it again and reinstall it.?
It should automatically update. But you can always do:
[your_domain_admin.php]?dispatch=ez_maint.upgrade.force
which should cause you to get the next version.
If for some reason on V2 or V3 you don't see the new fields (top of screen) you can do
[your_domain_admin.php]?dispatch=ez_maint.install_skins
[quote name='tbirnseth' timestamp='1401504598' post='184722']
It should automatically update. But you can always do:
[your_domain_admin.php]?dispatch=ez_maint.upgrade.force
which should cause you to get the next version.
If for some reason on V2 or V3 you don't see the new fields (top of screen) you can do
[your_domain_admin.php]?dispatch=ez_maint.install_skins
[/quote]
Tried what you stated and it closed storefront and got an error unable to decompress file.
That's odd. Guess you should wait for the automatic update then… Everything is built the same as always. You still on 4.1.4 or have you upgraded to 4.1.5? They changed their fn_decompress_files() function in 4.1.5 to address a filenaming bug.
What is the exact error message you're seeing? Please add this to your config.local.php for debug purposes
if( !defined('DEVELOPEMENT') ) define('DEVELOPMENT', true);
I did some testing here and can't reproduce the issue.
If you did NOT install via the '+' icon on the addon screen, you might have permission problems on your site that is preventing the files from being extracted properly. I tried to look on your site using previous credentials, but admin url has changed (good thing). Drop me an email and we'll get it figured out.