Security Scan Now Available In Ez Admin Helper

EZ Merchant Solutions is happy to announce that we have added security intrusion detection to our EZ Admin Helper addon.



There are several known intrusions that have occurred over the past year or so. Each of these has a unique signature and can be detected if present.



The new “Check security intrusion” action in EZ Admin Helper will scan your site for these intrusions and tell you what if finds. It has options for displaying “fail only” results so that cron emails won't happen unless an intrusion is actually detected.



Please note that this action checks for known intrusions only. It is NOT a substitute for regular scanning of your system for malware and will not detect anything where the signature is unknown to us.



Currently, the following intrusions are detected:[list]

[]Whether the payment methods that were vulnerable have been removed or repaired.

[
]Payment cache vulnerability

[]Images cache vulnerability

[
]Variety of image files and/or JS files that shouldn't be on your site and are known to be an issue

[/list]

There is also an option to dump the cscart_images_cache table (if it's detected) to a file and decode it so you can identify which of your client's personal information (including credit cards) may have been compromised.



The product detail page is here and the PDF documentation can be viewed in the Attachments tab or from this document location.



Price remains the same at $34.99usd (might be the best 40 bucks you've ever spent).



If you become aware of any other intrusions to cs-cart, we will be happy to update this action to detect those intrusions as well. Please use the contact us link to provide us with details.



Note that in the addon, intrusions are detected ONLY, they are not removed. Removal requires manual inspection and removal. We can also provide this service if need be. Again, simply contact us and we'll be happy to help.



The current list of actions in EZ Admin Helper are as follows:

Clear cache

Clear template cache (V4+ only)

Clear thumb cache

Clear logs

Clear statistics

Clear carts

Backup site

Optimize database

Backup database

Update currencies

Monitor files

Reset user passwords

Change admin url

Check detailed images (V4+ only)

Check security intrusions (V4+ only)



The goal of this addon is simply to make your life a little bit easier by giving you the option to launch common tasks easily from one location or to schedule them to be done automatically.

Tony



This great add on for which I have now purchased version 4.2 from you is that one also ready for deployment on V4.3.2 ?

prnscr_ez commontools.png

Yes, the addon is fully compatible with V4.3.2.



What the error message means is that (like it says) you have ownership/permission issues on your site that prevent that addon from upgrading itself. I.e. the archive read from our upgrade server can't be installed.



Usually this is caused by files/directories not being owned (or writeable) by the user which PHP is running as.



Suggest you have your site administrator (or your hosting company) ensure that your whole store can be read/written by the PHP process that is executing it.



Updated note: after you make your changes, you can force the upgrade to occur by doing:

[your_domain_admin.php]?dispatch=ez_maint.upgrade.force

[quote name='tbirnseth' timestamp='1435433568' post='220686']

Yes, the addon is fully compatible with V4.3.2.



What the error message means is that (like it says) you have ownership/permission issues on your site that prevent that addon from upgrading itself. I.e. the archive read from our upgrade server can't be installed.



Usually this is caused by files/directories not being owned (or writeable) by the user which PHP is running as.



Suggest you have your site administrator (or your hosting company) ensure that your whole store can be read/written by the PHP process that is executing it.



Updated note: after you make your changes, you can force the upgrade to occur by doing:

[your_domain_admin.php]?dispatch=ez_maint.upgrade.force

[/quote]



Tony



A few things


  1. I am the host and I set the permissions as root by 777 for the directories /ez_maint/ and

    I ran the force upgrade command



    All I get back is



    404



    Page not found.



    Any thoughts ?



    Cheers



    Anthony

can't remove this single post in this thread - please ignore

Let me show you the file structure and the settings as it is:



[attachment=9768:prnscr_ez_maint_files.png]

What's the URL of the 404? But my best is there is still a ownership/permission issue and it can't execute a script it expects to be there. Note that we use internal cs-cart routines for extraction, etc. The error reporting of these is usually non-existent so we can't detect if an archive fails to install until we go to execute a script within it.



[font=Arial]Personally, I would be running php as suPHP and then have all directories 755 and files 644 both owned and group-owership by the php USER and GROUP that PHP runs as.[/font]



The upgrade process is basically…[list=1]

[]Download the archive from our server to var/ez_upgrade/[addon name]

[
]Create a backup of the currently installed addon in var/ez_backup

[]Extract the new archive in the root of the store

[
]Run any addon/upgrade specific scripts need to be run

[*]Run a general “all versions” script for the addon

[/list]

So a permissions issue could occur at any of those points if the system is not setup to enable the application (cs-cart) to add/modify/delete files/directories.



Why don't you contact us and we can then get access to your site and help you out. Guessing at these type of things is not usually too fruitful.



Note that all cs-cart V4 sites that have EZ Admin Helper should have been upgraded to V4.2.19 of the addon by now and this is the only instance of an upgrade issue reported so far. Of course that doesn't mean there aren't others, just none reported.

Your great addon Tony is running smooth like a never before. The issues we had were solely due to problems with the permission settings in cpanel which by the way was neatly fixed by the support dep. of cpanel inc.

Good to hear. We know there are issues with the site backup action (times out and fails on some sites) but we're working on it. Think we're going to move away from the Phar extension and go back to the older (and more effecient) Tar class.



Update: We just released a new version that uses the older PEAR Archive Tar class which runs about 10x faster than the new Phar extension. So site backups now work quickly and efficiently.

Hi,

One thing that is an issue with the admin side of CSC is the need to turn off Mod_security in cPanel/.htaccess to allow saving of (just about any) content. The latest problem was that I could not create a new Order Status until I turned it off.

Im wondering if there is any functionality that could be added to EZ admin helper to turn off mod_sec automatically when admin sessions are active?

Unfortunately, mod_security is an Apache level action which is performed before PHP is loaded and before the page is loaded.

You should be able to set the proper mod_security settings for cs-cart. Please review the knowledge base and it will tell you the settings you need to turn off or modify.