I created this object because I went through a period where my client sites were being hacked. I wanted to try
to stay one step ahead of the hackers so I wrote this script to scan the website for changes and report the results.
Scanner.php is a full and usable implementation of the class; you can FTP these files to your site, run the config
and initial scans, and then create a cron job to periodically scan the site and report the results in the log file and
via email. Some notes:
1. Find an obscure place on your website to place index.html, scanner.php and scanner.class.php.
2. Rename the scanner.php and scanner.class.php files to some obscure name, maybe the domain to be scanned,
like domain.php and domain.class.php.
3. Run the configuration script. If you are in a CodeIgniter, WordPress, Joomla or Drupal environment, many of
the configuration parameters will be picked up from their config files.
4. Run an initial scan.
5. Create the cron job.
This script is designed to scan a site and compare file hashes to saved values, reporting when files have changed
or been added. The algorithm is not perfect but you should get a short list of files to examine.
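The hash comparison described above, as an added example that is not the scanner class's own code: it assumes the baseline is held in a PHP array rather than the class's database tables, and the function names hash_tree and diff_scan and the ignored "cache" directory are hypothetical. It also reports removed files, which goes beyond what the description lists.

```php
<?php
// Added example: function names and the in-memory baseline are assumptions.

/** Return [relative path => sha256] for every file under $root, skipping $ignore dirs. */
function hash_tree(string $root, array $ignore = []): array
{
    $root = rtrim($root, '/');
    $dirs = new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS);
    // Prune ignored directories before descending, so volatile trees are never walked.
    $filter = new RecursiveCallbackFilterIterator($dirs, function ($item) use ($root, $ignore) {
        $rel = substr($item->getPathname(), strlen($root) + 1);
        return !($item->isDir() && in_array($rel, $ignore, true));
    });
    $hashes = [];
    foreach (new RecursiveIteratorIterator($filter) as $file) {
        if ($file->isFile() && !$file->isLink() && $file->isReadable()) {
            $rel = substr($file->getPathname(), strlen($root) + 1);
            $hashes[$rel] = hash_file('sha256', $file->getPathname());
        }
    }
    ksort($hashes);
    return $hashes;
}

/** Compare a saved baseline with a fresh scan and list what differs. */
function diff_scan(array $baseline, array $current): array
{
    $changed = [];
    foreach (array_intersect_key($current, $baseline) as $path => $hash) {
        if (!hash_equals($baseline[$path], $hash)) {
            $changed[] = $path;
        }
    }
    return [
        'added'   => array_keys(array_diff_key($current, $baseline)),
        'changed' => $changed,
        'removed' => array_keys(array_diff_key($baseline, $current)),
    ];
}

// Constructed demo: build a throwaway tree, baseline it, modify it, rescan.
$site = sys_get_temp_dir() . '/scan_demo_' . uniqid();
mkdir("$site/cache", 0700, true);
file_put_contents("$site/index.php", "<?php echo 'home';");
file_put_contents("$site/cache/tmp.dat", "volatile");
$baseline = hash_tree($site, ['cache']);
file_put_contents("$site/index.php", "<?php echo 'home'; // modified");
file_put_contents("$site/new.php", "<?php // unexpected file");
print_r(diff_scan($baseline, hash_tree($site, ['cache'])));
```

A baseline stored where the web server user can write to it can be rewritten along with the files it describes, so keep it outside the document root or on another host.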
Usage:
http://[url of site]/[path to scanner]/[scanner filename].php?action=[action]
It is suggested that these files be hidden in the directory tree of the site and named something other than scanner.
actions:
scan or none - Perform a scan of the site, designed to be done in a cron job
config - set up scanner configuration
initial - perform an initial scan
V2.0 - changed processing methodology to ease memory requirements. As a side benefit, execution times are significantly
shorter and database space has been significantly decreased.
The schema has changed. Old tables will not be deleted but may be deleted by hand by the site manager. These
tables are <DB Tablename Root>, <DB Tablename Root>_run, <DB Tablename Root>_scan, and <DB Tablename Root>_temp.
I have had issues with Server 500 errors on a site with three WordPress instances in it. My solution was to create three
cron jobs, one for each instance, ignoring the directories of the other two instances in the root instance. Something about
recursing too deep. If I find a solution, I will issue another update.
Donate to this project at http://www.diabloresults.com/downloads/site-change-detection/.