Several problems

1 year 6 months ago #4631 by flaemingwerbung
Several problems was created by flaemingwerbung
Hello!
I installed Securitycheck Pro on 4 websites and ControlCenter on one of them. I've included all of them in the Manage Websites and many functions basically work. But there are some things that don't work reliably or not at all.
Version of both Pro and Center are the latest, of course. Only installed about a week ago.
(I skip some numbers in the enumeration, I post them to the wish list.)

1.
Manage Websites - Refresh Info
I have 4 web sites, check all four and then press Refresh Info.
Almost every time it refreshes only two of them, I have to hit the search button to show all four sites and then have to refresh the other 2 a "second" time (these are the two on top of the list, e.g. added last). Sometimes they show the same time of last contact, but actually two have not been contacted (shown by old data). Sometimes all have been updated, but only two show up in the list and I have to hit the search button.

2.
the weakness check shows
"realtime refresh is checked, but there seems to be a problem:"
"Download ID empty" - it isn't.

3.
above message was translated back from German, which lets me get to the most annoying problem. The latest version of SecurityCheck Pro has many German translations. These are awfully bad. Please, stop translation, if you have this done by someone who doesn't speak a word of German! Please, have a config settings which lets me choose the language, and, preferably, also set English as the default. The German is so bad that some words or sentences are not understandable at all. I only understood them because I knew what there was in English before the update. I'd rather have English than German, even if the German translations were better. Thanks! (I cannot switch the overall GUI because the normal user who edits the CMS needs the German texts of Joomla.)

4.
on two of the systems I get a lot of wrong integrity files (99%) after the upgrade to Joomla 3.7.1. I don't get that on the other systems. Displaying the files says for each one "hash value changed". I think that's quite right, because they have changed. But shouldn't SecurityCheck know about the new hashes for 3.7.1? Also, on the other systems it's just fine. Does this indicate some problem downloading new hash values for 3.7.1? There is no button for "update hash values now". Should I check all files as safe? Database plugin is installed.

6.
optimize database tables hangs for all sites at some point. Databases are small!
Refresh of the page shows a date and time of optimization (e.g. it seems to have succeeded.)

7.
check for file permissions shows some 350 updated files with wrong permissions. For instance akeeba, fof, others. Why do these have wrong permissions? Shouldn't this be taken care of by the upgrade process?
Once I repair I still have one file with wrong permissions. Guess what? It's the securitycheck log. com_securitycheckpro/scans/toz6fjmcjoherzur4huj.php

13.
using the update button for a single website on the right of Manage Websites results most of the time in an immediate error (pop-up window) the first time I do it. The second time most of the time it succeeds. If not, it succeeds on the third or fourth try. But this next one takes quite long and shows a blank pop-up window with no indication, what's going on. Then, after a while it fills with the success message.
Also, the successful update is *not* reflected in the updates table for manage websites (although there apparently happens a new contact as this date/time gets updated to "now"), it still shows the update as not installed.

14.
Akeeba Backup via Center doesn't work for me. Backup starts and shows "finished" after a while, no result shown.
site 1: Akeeba on the remote shows the log entry, first a pending status, then failed.
site 2: no indication in Akeeba at all, that there was an attempted backup.
site 3: Akeeba on the remote shows the log entry, pending status, no further change.
All failed backup files are .01 and 27 bytes. So, it fails in a very early stage.

last lines in the akeeba log are:
[170522 15:51:15] ====== Finished Step number 2 ======
[170522 15:51:15] Kettenrad :: Setting the break flag between domains
[170522 15:51:15] *** Engine steps batching: Break flag detected.
[170522 15:51:15] *** Batching of engine steps finished. I will now return control to the caller.
[170522 15:51:15] No need to sleep; execution time: 238.34300041199 msec; min. exec. time: 0 msec
[170522 15:51:15] Saving Kettenrad instance frontend
[170522 15:58:06] Kettenrad :: Attempting to load from database (frontend.id3) [frontend.id3]
[170522 15:58:06] -- Loaded stored Akeeba Factory (frontend.id3) [frontend.id3]

16. remote task "remove all entries from the firewall.log" doesn't work. It purports to work and refreshes the contact details, but the count stays the same. And logging in to the site shows me nothing has been deleted.

1 year 6 months ago #4635 by Jose
Replied by Jose on topic Several problems
Hi Martin,

First of all thank you very much for your detailed feedback. I will try to reply to all your points:

1.
Manage Websites - Refresh Info
I have 4 web sites, check all four and then press Refresh Info.
Almost every time it refreshes only two of them, I have to hit the search button to show all four sites and then have to refresh the other 2 a "second" time (these are the two on top of the list, e.g. added last). Sometimes they show the same time of last contact, but actually two have not been contacted (shown by old data). Sometimes all have been updated, but only two show up in the list and I have to hit the search button.

Umm, this is really odd. The refresh info task takes all websites selected. There is a bug showing results (this is why you have to hit the search button) but all sites should be contacted and the info updated. I will check what's happening.

2.
the weakness check shows
"realtime refresh is checked, but there seems to be a problem:"
"Download ID empty" - it isn't.

After adding the Download Id you must log out and log in to refresh this info. Did you do that?

3.
above message was translated back from German, which lets me get to the most annoying problem. The latest version of SecurityCheck Pro has many German translations. These are awfully bad. Please, stop translation, if you have this done by someone who doesn't speak a word of German! Please, have a config settings which lets me choose the language, and, preferably, also set English as the default. The German is so bad that some words or sentences are not understandable at all. I only understood them because I knew what there was in English before the update. I'd rather have English than German, even if the German translations were better. Thanks! (I cannot switch the overall GUI because the normal user who edits the CMS needs the German texts of Joomla.)

The person who translates my components to German was not able to do it during a certain period of time; in that period I used the Google translator to keep the extensions translated. I thought to delete the entire translation, but there was much work done so finally I decided to keep it. Now the person is translating the extension again, but some strings should be checked. I really apologize for this. If you could send me the right translation it would be great (and I would extend your subscription for the effort).

4.
on two of the systems I get a lot of wrong integrity files (99%) after the upgrade to Joomla 3.7.1. I don't get that on the other systems. Displaying the files says for each one "hash value changed". I think that's quite right, because they have changed. But shouldn't SecurityCheck know about the new hashes for 3.7.1? Also, on the other systems it's just fine. Does this indicate some problem downloading new hash values for 3.7.1? There is no button for "update hash values now". Should I check all files as safe? Database plugin is installed.

My extension doesn't check official channels to get hashes of files; the extension gets the hashes for the entire filesystem. Every time you launch a file integrity scan all hashes are checked and new/modified files are notified to you. If in other systems you have not been notified then maybe the file integrity scan has not been launched (cron task alternate file integrity and permissions tasks).

6.
optimize database tables hangs for all sites at some point. Databases are small!
Refresh of the page shows a date and time of optimization (e.g. it seems to have succeeded.)

In which point? This is a simple task and nobody but you has reported issues with this feature.

7.
check for file permissions shows some 350 updated files with wrong permissions. For instance akeeba, fof, others. Why do these have wrong permissions? Shouldn't this be taken care of by the upgrade process?
Once I repair I still have one file with wrong permissions. Guess what? It's the securitycheck log. com_securitycheckpro/scans/toz6fjmcjoherzur4huj.php

File permissions are managed by the server, and sometimes are not defined right. SCP tries to set them to a right value (644 for files and 755 for folders), but the user who runs Joomla (typically apache or www-data) must be the owner of the files to do that. If for some reason this doesn't happen, then the task can't change permissions. Do you get a warning when the task tries to change permissions of toz6fjmcjoherzur4huj.php?

13.
using the update button for a single website on the right of Manage Websites results most of the time in an immediate error (pop-up window) the first time I do it. The second time most of the time it succeeds. If not, it succeeds on the third or fourth try. But this next one takes quite long and shows a blank pop-up window with no indication, what's going on. Then, after a while it fills with the success message.
Also, the successful update is *not* reflected in the updates table for manage websites (although there apparently happens a new contact as this date/time gets updated to "now"), it still shows the update as not installed.

Yes, you're right. This will be fixed in the next version.

14.
Akeeba Backup via Center doesn't work for me. Backup starts and shows "finished" after a while, no result shown.
site 1: Akeeba on the remote shows the log entry, first a pending status, then failed.
site 2: no indication in Akeeba at all, that there was an attempted backup.
site 3: Akeeba on the remote shows the log entry, pending status, no further change.
All failed backup files are .01 and 27 bytes. So, it fails in a very early stage.

I use the Akeeba feature to launch remote backups; following the instructions of this product my extension only automates the task, so I can't control what's happening (I only check remote codes returned by this feature).

16. remote task "remove all entries from the firewall.log" doesn't work. It purports to work and refreshes the contact details, but the count stays the same. And logging in to the site shows me nothing has been deleted.

Please, take note that the button says "Delete blocked access attempts logs". This means only "access attempts logs" are deleted. This is a really old feature and maybe I will change it to delete all entries, but now this is not a bug.

Regards,
Jose
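
Added example (not part of the thread and not Securitycheck Pro's code): a minimal baseline-style integrity check of the kind described in point 4, where hashes come from the local filesystem rather than an official channel. The file names and the `snapshot`, `compare` and `mark_safe` helpers are constructed for illustration; the demo shows why a core upgrade reports the rewritten files as changed until they are accepted, and how a later edit then stands out.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file path (relative, '/'-separated) to the SHA-256 of its content."""
    hashes = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            hashes[os.path.relpath(path, root).replace(os.sep, "/")] = digest
    return hashes


def compare(baseline, current):
    """Classify differences between the stored baseline and a fresh scan."""
    return {
        "modified": sorted(p for p in current
                           if p in baseline and current[p] != baseline[p]),
        "new": sorted(p for p in current if p not in baseline),
        "missing": sorted(p for p in baseline if p not in current),
    }


def mark_safe(baseline, current, paths):
    """Accept the current hash of the reviewed paths into the baseline."""
    updated = dict(baseline)
    for p in paths:
        updated[p] = current[p]
    return updated


def demo():
    """Constructed mini-site: scan, simulate a core upgrade, scan again."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, text):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(text)

        write("libraries/version.php", "3.7.0")
        write("libraries/loader.php", "loader v1")
        write("images/logo.txt", "unchanged asset")
        baseline = snapshot(root)

        # The upgrade rewrites core files and ships one new file.
        write("libraries/version.php", "3.7.1")
        write("libraries/loader.php", "loader v2")
        write("libraries/added.php", "new in 3.7.1")
        after_upgrade = snapshot(root)
        report = compare(baseline, after_upgrade)

        # After review, the upgraded files are accepted as the new baseline.
        accepted = report["modified"] + report["new"]
        baseline = mark_safe(baseline, after_upgrade, accepted)
        clean = compare(baseline, snapshot(root))

        # A later, unexpected edit is now the only finding.
        write("libraries/loader.php", "loader v2 + injected line")
        tampered = compare(baseline, snapshot(root))
        return report, clean, tampered
```

Accepting files in bulk only makes sense when the change is explained by an upgrade just performed; the baseline has no way to tell an upgrade from tampering on its own.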

1 year 6 months ago #4636 by flaemingwerbung
Replied by flaemingwerbung on topic Several problems
3.
I was able to overcome the translation problem by logging in as Super-User with English. Still, if a translation is so bad and misleading, please do not include it. It's then better to get the original.

1 year 6 months ago - 1 year 6 months ago #4645 by flaemingwerbung
Replied by flaemingwerbung on topic Several problems
Hi there, thanks for the detailed reply as well! Some replies below.

If you could send me the right translation it would be great (and I would extend your subscription for the effort).

Usually, I would be happy to do that, but really don't have time. I'd be happy with the original English. (As written above I now login with English instead of Standard.)

My extension doesn't check official channels to get hashes of files; the extension gets the hashes for the entire filesystem. Every time you launch a file integrity scan all hashes are checked and new/modified files are notified to you. If in other systems you have not been notified then maybe the file integrity scan has not been launched (cron task alternate file integrity and permissions tasks).

It doesn't work like this here. At least not on the system where I have this problem and on one other that is administered by Martin. I can scan several times and always get the same results about some 7800 of 7900 files not having the correct hashes. I'll try another time. Should I set the files to safe then?
I did manual scans on all systems after the update to 3.7.1 and had done at least one manual scan on each of the systems only a few days earlier. Only one showed this problem.

6.
optimize database tables hangs for all sites at some point.

In which point?

It's not a specific point. It's in the middle of a database table and it's always another one. e.g. it's another table in each of the four sites. I think it was the same table when I did it a second time on one of the setups. I didn't try on all of them a second time. However, once I refreshed it shows a completion date and the task seems to have run successfully.

Do you get a warning when the task tries to change permissions of toz6fjmcjoherzur4huj.php?


These are permissions where I had Securitycheck repair them a few days earlier (all sites had a few files with wrong permissions, not many). Then I upgraded to 3.7.1 with the built-in update functionality in Joomla. Then did another check and suddenly several hundred files have wrong permissions. Most seem to be of Akeeba origin (which includes fof for instance). Once I repair there is one file left with wrong permissions and that's obviously the repair results file of Securitycheck. I can "repair" that as well, of course. But this would create another results file that would have wrong permissions. So I have to keep at least one file with wrong permissions ;-) Anyway, my main question here was, that files updated by Joomla (or by the recent Akeeba update that came out at the same time) shouldn't have wrong permissions, shouldn't they? I'm not sure if this problem happened on all four sites. I think it happened only on one or two of them. So, the repair works. The point is that I don't understand why they have wrong permissions after an update.

I use the Akeeba feature to launch remote backups; following the instructions of this product my extension only automates the task, so I can't control what's happening (I only check remote codes returned by this feature).


Ah, I understand now. I tried remote backups myself with wget and hit a 403 on all requests. I did that once the backup initiation via Securitycheck didn't work. The problem is the blocking of the wget User-Agent in the .htaccess created by Securitycheck. This can't be the reason why doing this from Securitycheck didn't work, though. But once I removed wget from .htaccess there was no problem to trigger the backups with wget from another server. I read the akeeba documentation and it seems the main point of failure are the redirects. You have to follow all redirects until the end. If there is a point where the connection drops the update fails. Might be helpful for debugging purposes to see what Securitycheck actually does, e.g. log first connect, log reply, log second connect, second reply, and so on. And show that in the popup that now just says "Finished".
You *do* url-encode the entered secret, do you? I entered the *original* secret word, which has characters that have to be url-encoded.
Btw, on the wish, yes, you can specify an ID for the backup profile. e.g. " example.com/index.php?option=com_akeeba&...odedsecret&profile=2 "

Please, take note that the button says "Delete blocked access attempts logs".

Yes, I was wondering about that and what it actually means. Is it only for the login attempts? But then I read the documentation again and I think it says "all". Thanks for the hint about not logging those url inspector blockings. This should reduce logs quite heavy.

Cheers, Kai
Last edit: 1 year 6 months ago by flaemingwerbung.

1 year 6 months ago #4646 by Jose
Replied by Jose on topic Several problems
Hi Kai,

Usually, I would be happy to do that, but really don't have time. I'd be happy with the original English. (As written above I now login with English instead of Standard.)

Ok; thank you very much anyway :)

It doesn't work like this here. At least not on the system where I have this problem and on one other that is administered by Martin. I can scan several times and always get the same results about some 7800 of 7900 files not having the correct hashes. I'll try another time. Should I set the files to safe then?

I have noticed that in some websites the second scan shows (almost) all files as modified, so you must mark all of them as safe and from then on you will be notified only of new/modified files.

It's not a specific point. It's in the middle of a database table and it's always another one. e.g. it's another table in each of the four sites. I think it was the same table when I did it a second time on one of the setups. I didn't try on all of them a second time. However, once I refreshed it shows a completion date and the task seems to have run successfully.

I will check this, but I never got this issue even on early development stages.

Once I repair there is one file left with wrong permissions and that's obviously the repair results file of Securitycheck. I can "repair" that as well, of course. But this would create another results file that would have wrong permissions. So I have to keep at least one file with wrong permissions ;-) Anyway, my main question here was, that files updated by Joomla (or by the recent Akeeba update that came out at the same time) shouldn't have wrong permissions, shouldn't they?

I don't know why that happens, because files should inherit folder permissions. For example I always get wrong permissions on log files (666) when I create a backup. Anyway I will have a look to see if I can force permissions.

You *do* url-encode the entered secret, do you? I entered the *original* secret word, which has characters that have to be url-encoded.
Btw, on the wish, yes, you can specify an ID for the backup profile. e.g. " example.com/index.php?option=com_akeeba&...odedsecret&profile=2 "

Thank you very much for taking the time to check this! I will add the option to select a profile in future versions.

Yes, I was wondering about that and what it actually means. Is it only for the login attempts? But then I read the documentation again and I think it says "all". Thanks for the hint about not logging those url inspector blockings. This should reduce logs quite heavy.

Yes, in ancient versions of SCP all accessing attempts of blocked IPs were logged, so sometimes we got tons of logs. This is why I added that option.

Regards,
Jose
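
Added example (not part of the thread and not Securitycheck Pro's code): an audit of the permission rule discussed under point 7, 644 for files and 755 for folders, that also reports whether the scanning user owns each entry, since only the owner (or root) can change the mode. The directory layout, file names and the `audit` and `repair` helpers are constructed for illustration.

```python
import os
import stat
import tempfile

FILE_MODE = 0o644  # value quoted in the thread for files
DIR_MODE = 0o755   # value quoted in the thread for folders


def audit(root, uid=None):
    """List entries whose mode differs from 644/755 and whether uid can fix them."""
    uid = os.geteuid() if uid is None else uid
    findings = []
    for folder, dirs, files in os.walk(root):
        for name in dirs + files:
            path = os.path.join(folder, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # never chmod through a symlink
            expected = DIR_MODE if stat.S_ISDIR(st.st_mode) else FILE_MODE
            actual = stat.S_IMODE(st.st_mode)
            if actual != expected:
                findings.append({
                    "path": os.path.relpath(path, root).replace(os.sep, "/"),
                    "actual": oct(actual),
                    "expected": expected,
                    "world_writable": bool(actual & stat.S_IWOTH),
                    # chmod only succeeds for the file's owner or root.
                    "repairable": uid == 0 or st.st_uid == uid,
                })
    return sorted(findings, key=lambda f: f["path"])


def repair(root, findings):
    """Apply the expected mode to every finding the current user may change."""
    for f in findings:
        if f["repairable"]:
            os.chmod(os.path.join(root, f["path"]), f["expected"])


def demo():
    """Constructed tree with one loose folder, one 666 log and one 600 file."""
    layout_dirs = {"cache": 0o777, "logs": 0o755, "scans": 0o755}
    layout_files = {"index.php": 0o644, "logs/backup.log": 0o666,
                    "scans/result.php": 0o600}
    with tempfile.TemporaryDirectory() as root:
        for rel in layout_dirs:
            os.makedirs(os.path.join(root, rel))
        for rel, mode in layout_files.items():
            path = os.path.join(root, rel)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)
        for rel, mode in layout_dirs.items():
            os.chmod(os.path.join(root, rel), mode)  # explicit, ignores umask

        before = audit(root)
        # Same tree seen by a different, non-root account: nothing is fixable.
        as_other_user = audit(root, uid=os.geteuid() + 1)
        repair(root, before)
        after = audit(root)
        return before, as_other_user, after
```

A finding with `repairable` set to false is the case described in the reply above: the scan can see the wrong mode but the web-server account cannot change it.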

1 year 6 months ago #4647 by flaemingwerbung
Replied by flaemingwerbung on topic Several problems
about the problem with the download id. There are two fields for entering it. Why? We exported the configuration on one site and imported it on another. The download id is shown in global configuration > component after importing. But it's not shown in the settings System - Securitycheck Pro Update Database which seem to be only available via the weakness check. I installed the database plugin *after* installing Pro and after importing. Nevertheless, if this id is globally available that shouldn't matter. It should be saved only once.
