Highland Linux User Group

Linux Community
It is currently Mon Feb 06, 2012 8:49 pm

View unanswered posts | View active topics


Board index » Softwares » Server and Security

All times are UTC [ DST ]



Post new topic Reply to topic  Page 1 of 1
  [ 1 post ] 
  Print view Previous topic | Next topic 
Author Message
nguyen
 Post subject: Monitoring Index file
PostPosted: Thu Feb 18, 2010 12:32 am 
Offline
Moderator
User avatar

Joined: Tue Oct 03, 2006 12:27 pm
Posts: 162
Location: Inverness UK
Sometimes i thought what if my website got hacked for a while and i dont even know about it.
Normally if someone hack your website they intend to deface the website and change the index file, just "script kiddies" are into this sort of deface thing to make a "name" for themselves by "Defaced by" or "Hacked by ...".

i know real "hackers" don't do that.

but to monitor changes of your index file i thought about file size

if the index size has change then i got to know, How?

Simple enough

first i have to get file size of the file that i want to monitor
Code:
<?php
    $filename = "/folder/to/website/index.php";
echo filesize($filename);
?>


run the code i have the file size

example my index file is 6323 bytes
if one byte change, i would know it
i create a file name called monitor.php and save it in a secrete folder:
Code:
<?php
    $filename = "/folder/to/website/index.php";
   
if (filesize($filename)==6323){
    echo filesize($filename)."=>6323";
}
else{
    $Name = "Index monitor"; //senders name
      $email = "monitor@youwebsite.com"; //senders e-mail adress
      $recipient = "yourname@yourdomain.co.uk"; //recipient
      $mail_body = "yourdomain.co.uk is not ok, Something has gone wrong with it\n Please check it out ASAP"; //mail body
      $subject = "Something has gone wrong with yourdomain.co.uk"; //subject
      $header = "From: ". $Name . " <" . $email . ">\r\n"; //optional headerfields
      mail($recipient, $subject, $mail_body, $header); //mail command :)
     
echo filesize($filename)."#>6323";
}
?>


The code above monitoring the filezie, if the file size is not 6323 it will email me to let me know.

the code itself doesn't execute, now i want it to check every 15 minutes, the only way i can do this is by cron job YEH!

so i add this into crontab
Code:
*/15 * * * * wget -O /dev/null http://www.hlug.co.uk/secrete/folder/monitor.php >/dev/null 2>&1


the cron run every 15 minutes to get the file monitor and push it to the "black hole" /dev/null then be quiet >/dev/null 2>&1 don't have to tell the "boss" (root)
if i want it to run every 6 hours i can do:

Code:
00 00,6,12,18 * * * wget -O /dev/null http://www.hlug.co.uk/secrete/folder/monitor.php >/dev/null 2>&1


So that's it, now if my index file change 1 Byte it will email and let me know

you can add in SMS alert as well if you have an SMS API gate.

i use clickatell.com to have an API, so that the file not only email to alert me but also send me an SMS to my mobile :)

If you do have SMS gateway, be sure you update your website straight away once got hacked if you don't want the file waste a message every 15 minutes.

Example with SMS:

Code:
<?php
    $filename = "/folder/to/website/index.php";
    $number = "447853358533";
    $message = "Something has gone ugly with your website, please check it ASAP";
   
  function sendSMS($number,$message,$concat = 1) {
   $url = 'http://smsgateway.clickatell.com/sms.php';
   $customer = 'nguyen';
   $key = 'xxxxxxxx';
   $request = $url.'?customer='.$customer.'&key='.$key.'&number='.urlencode($number).'&message='.urlencode($message).'&concat='.$concat;
   $ch = curl_init();
   curl_setopt($ch, CURLOPT_URL, $request);
   curl_setopt($ch, CURLOPT_HEADER, 0);
   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
   $response = curl_exec($ch);
   curl_close($ch);
   return split(',',$response);
}

if (filesize($filename)==6323){
    echo filesize($filename)."=>6323";
}
else{
    $Name = "Index monitor"; //senders name
      $email = "monitor@youwebsite.com"; //senders e-mail adress
      $recipient = "yourname@yourdomain.co.uk"; //recipient
      $mail_body = "yourdomain.co.uk is not ok, Something has gone wrong with it\n Please check it out ASAP"; //mail body
      $subject = "Something has gone wrong with yourdomain.co.uk"; //subject
      $header = "From: ". $Name . " <" . $email . ">\r\n"; //optional headerfields
      mail($recipient, $subject, $mail_body, $header); //mail command :)
         

     $sms_api_result = sendSMS($number,$message,'1');
  if ($sms_api_result[0] == 'OK') {
    echo "Alert!";
}
else {
   print_r($sms_api_result);
    $Name = "Index monitor"; //senders name
      $email = "monitor@youwebsite.com"; //senders e-mail adress
      $recipient = "yourname@yourdomain.co.uk"; //recipient
      $mail_body = "yourdomain.co.uk is not ok, Something has gone wrong with it\n Please check it out ASAP"; //mail body
      $subject = "Something has gone wrong with yourdomain.co.uk"; //subject
      $header = "From: ". $Name . " <" . $email . ">\r\n"; //optional headerfields
      mail($recipient, $subject, $mail_body, $header); //mail command :)
     
  }
 
echo filesize($filename)."#>6323";
}
?>

_________________
Computers are like air conditioners, They stop working properly when you open Windows!

Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 1
  [ 1 post ] 

Board index » Softwares » Server and Security

All times are UTC [ DST ]

Who is online

Users browsing this forum: No registered users and 0 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2010 Highlands Linux Users Group