Detect Hacked Files via CRON/PHP

Programming for Search Engines 101. An area for avid PHP and .NET developers to chat about Programming techniques and how to make better use of search engines.

Moderator: Moderators

Detect Hacked Files via CRON/PHP

Postby Sanith » Mon Feb 18, 2013 10:51 pm

As a Certified Ethical Hacker, I searched for a script which would help me to detect unauthorized file changes. I found a script (probably in the User Contributed Notes at php.net) which I modified to have working very nicely on my “test server” (Windows) as well as on my “production” server (Linux).

The logic is simple: “Build a database of hashed values for vulnerable files (those which hackers will modify to execute code on your server) and compare those values to the actual hashes on a regular basis and report added, changed and deleted files.”

Obviously, the code to traverse a server’s directory structure and provide hash values is far more complex than the statement above. I will go through the code for the production server.

More:
Sanith
 
Posts: 13
Joined: Tue Jun 21, 2011 11:31 pm
Tell us why you would like to become a WyseLabs Member:

Return to Programming

Who is online

Users browsing this forum: No registered users and 3 guests

cron