: Any suggestions for a change detection system? As a webdesigner/webmaster I'm taking care of various websites. Recently one client's website got "hacked". It turned out that at their office one
As a webdesigner/webmaster I'm taking care of various websites. Recently one client's website got "hacked". It turned out that at their office one computer got infected by a trojan, that spied the ftp password and then 'they' somehow installed an invisible iframe that was loading some nasty piece of code.
It wasn't my fault - but I anyways wish I would have discovered the attack first.
So I looked for tools that would detect changes to the files and templates and came along this promissing little script called "websitecds" which stands for "website change detection system". It basically goes through the entire web folder and detects any changes to code made. It then sends you an email alert if the codebase has changed.
code.google.com/p/websitecds/
So far so good. I installed the script and got it running - and manually it works just great. But that's the problem: I don't want to run it manually - I need to have cron triggered cds. The good news is some people altered the script so that you could run it by cron, others added a functionality that lets you exclude certain folders (e.g. password protected folders).
Now finally here comes my problem/ my question: I never got a version running that would
let you monitor a large number of websites, ideally from one central interface
AND send an email alert if a change occurs, ideally listing the changes
AND run by cron
AND let you exclude password protected folders.
Have you? Or has anybody any hints or pointers to a similar piece of software?
update: What I find tempting about a rather simple "file a change detection solution" is that it would also inform me if a client uploaded a new file to his/her website...
Thank you!
-cheers-
PS: or would you rather suggest to ask this over at stackoverflow.com ?
PS2: Here's the project page to the script mentioned above:
How to detect if your webserver is hacked and get alerted
More posts by @Candy875
2 Comments
Sorted by latest first Latest Oldest Best
I like the idea of using hash sums to check for changes in files. I don't like that the one you link to is installed on the server itself. If the server is hacked, that file is likely to be modified too.
I would use a command like this to ssh into each remote server and checksum all the important files in the web directory.
ssh mywebsite.example.com 'find /var/www/ -regextype posix-egrep -regex ".*.(html|php|txt)" -exec md5sum {} ;' > /var/website_checksums/mywebsite_`date +%Y-%m-%d`
Then I would use diff to compare it to the previous day.
This would be easy to automate in a cron job if you distribute ssh keys and can do a small amount of scripting.
A few simple options to automate malware scanning of multiple sites:
Use a paid automated malware scanning service such as Securi, 6Scan or SiteLock. You might want to encourage your client to sign up with these services, or offer it as part of a monthly maintenance contract.
Use a free plugin for your content management system, such as Wordfence for WordPress.
Create your own script that checks a list of URLs against a third-party scanning API, such as this one from Virustotal. Set a server cron job to run the script every day or hour as you see fit.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.