Zen Cart custom software development, Zen Cart modules, Zen Cart Expert eCommerce with Zen Cart!

SysCheck for Zen Cart

SysCheck is a Zen Cart™ contribution which allows a shopowner to perform a quick system scan of their cart. It searches for vulnerabilities which could leave you open to attack and known artifacts of successful attacks.

Donate: This is free software. Show your appreciation by supporting my efforts. Donate

Relevance: Zen Cart™ 1.3.9 and forward

Current Version: 1.0.5 (version history)

Support Thread: SysCheck Support Thread

Cost: Free, but donation appreciated

Installed Cost: $200 Buy Professional Installation by That Software Guy

Installation Difficulty: Moderate - High (you must interpret the results)

Installation Instructions: click here

Location: Zen Cart Plugins, under Troubleshooting Tools.

Download: Download SysCheck from Zen Cart Plugins

FAQ: click here

Add-Ons: I also recommend using Changed Files.


Overview:

SysCheck lists the following:
  • unique IP addresses that have been active in your admin
  • admin ids
  • php scripts in the images directory
  • directories with permissions other than 0x755
  • php files which include "eval" (this is an known exploit vector).
  • files which are writable by group or other


Access to SysCheck

Zen Cart SysCheck on Admin panel

You can install SysCheck either as a script to be run on demand or as a link in your admin panel. In the latter case, SysCheck appears as a link at the top right hand corner of your admin panel.

SysCheck results on a hacked site

Zen Cart SysCheck Results

Installation Instructions:

  1. Back up everything! Try this in a test environment prior to installing it on a live shop.
  2. Unzip the file you have received.
  3. Copy the contents of the folder you have unzipped to the admin directory of your shop.
  4. You may run the script directly from your admin panel. (i.e. type in http://yoursite.com/your-admin/syscheck.php)
  5. Instructions for making SysCheck a link on your admin header are contained in the README for the mod.

More Reading


Major Versions

  • 1.0.5 09/01/2018 - More checks!
  • 1.0.4 11/21/2009 - Skip log file writable test
  • 1.0.3 11/15/2009 - Look for scripts other than php; show hostname accessing admin.
  • 1.0.1a 09/21/2009 - Get admin dir name using dirname.
  • 1.0.1 09/19/2009 - In case of mod_php style installation, do more complete test for writability; report admin users and accesses.
  • 1.0 09/13/2009 - First Release

FAQ

Q: I'm getting eval matches on files I know are ok. How can I suppress these?
A: In the file admin/syscheck.php, look for the array $eval_ok_files. You can follow the pattern and add to this list as appropriate for the mods you have installed.

Q: I was hacked, and I deleted all the files SysCheck reported. Am I ok now?
A: NO! SysCheck is just a starting point. You need to follow all the recommendations in my blog post Recovering from a hack. In particular, you need to reload from a known good backup. If you don't and another file was tampered with (for instance, spammy links were added to your footer, or the credit card details are being recorded), you will never know it. You must restore from a known good backup.