SysCheck for Zen Cart

SysCheck is a Zen Cart™ contribution which allows a shopowner to perform a quick system scan of their cart. It searches for vulnerabilities which could leave you open to attack and known artifacts of successful attacks.

Donate! Show your appreciation by supporting my efforts.

Relevance: Zen Cart™ 1.3.7 and forward

Cost: Free, but donation appreciated

Location: Zen Cart Downloads page, under Troubleshooting Tools.

Download: Download SysCheck from the Zen Cart Downloads Page

Current Version: 1.0.3

FAQ: click here

Support Thread: SysCheck Support Thread

osCommerce User? This is a Zen Cart page. Look at SysCheck for osCommerce for osCommerce help.

Overview:

SysCheck lists the following:

• unique IP addresses that have been active in your admin
• admin ids
• php scripts in the images directory
• directories with permissions other than 0x755
• php files which include "eval" (this is an known exploit vector).
• files with permissions other than 0x644

Access to SysCheck

SysCheck appears as a link at the top right hand corner of your admin panel.

SysCheck results on a hacked site

More Reading

• Renaming your admin folder
• Recovering from a hack
• Zen Cart Security Recommendations
• Important Site Security Recommendations
• List of Security Patches to Apply for Zen Cart 1.3.x
• How do I set permissions on files/folders?

FAQ

Q: I'm getting eval matches on files I know are ok. How can I suppress these?
A: In the file admin/syscheck.php, look for the array $eval_ok_files. You can follow the pattern and add to this list as appropriate for the mods you have installed.

Q: I was hacked, and I deleted all the files SysCheck reported. Am I ok now?
A: NO! SysCheck is just a starting point. You need to follow all the recommendations in my blog post Recovering from a hack. In particular, you need to reload from a known good backup. If you don't and another file was tampered with (for instance, spammy links were added to your footer, or the credit card details are being recorded), you will never know it. You must restore from a known good backup.

Certificates of appreciation most welcome!
	If the information you learned reading this site is helping your store make more money, please consider making a donation. Thank you!

Want more Zen Cart?     Tips and Tricks     Contributions     Extensions     Custom Software     Newsletter