Comments on: How to detect if your webserver is hacked and get alerted http://www.webdigi.co.uk/blog/2009/how-to-detect-if-your-webserver-is-hacked-and-get-alerted/ Little words of wisdom Fri, 03 Feb 2012 09:46:34 +0000 hourly 1 http://wordpress.org/?v=3.3 By: TerryH http://www.webdigi.co.uk/blog/2009/how-to-detect-if-your-webserver-is-hacked-and-get-alerted/comment-page-2/#comment-73643 TerryH Sat, 31 Dec 2011 13:40:28 +0000 http://www.webdigi.co.uk/blog/?p=31#comment-73643 @Alan Sorry for the delay in reply - I don't get email from this site any more for some reason. To answer your question - you've probably worked it out for yourself - directories can't be excluded, only files. Sorry. I think the original websitecds is the same. Regards @Alan

Sorry for the delay in reply – I don’t get email from this site any more for some reason.

To answer your question – you’ve probably worked it out for yourself – directories can’t be excluded, only files. Sorry.

I think the original websitecds is the same.

Regards

]]> By: Lucio Becze http://www.webdigi.co.uk/blog/2009/how-to-detect-if-your-webserver-is-hacked-and-get-alerted/comment-page-1/#comment-65786 Lucio Becze Sun, 04 Dec 2011 01:38:29 +0000 http://www.webdigi.co.uk/blog/?p=31#comment-65786 Howdy! This post couldn’t be written any better! Reading through this post reminds me of my old room mate! He always kept talking about this. I will forward this post to him. Pretty sure he will have a good read. Thank you for sharing! Howdy! This post couldn’t be written any better! Reading through this post reminds me of my old room mate! He always kept talking about this. I will forward this post to him. Pretty sure he will have a good read. Thank you for sharing!

]]> By: ALan http://www.webdigi.co.uk/blog/2009/how-to-detect-if-your-webserver-is-hacked-and-get-alerted/comment-page-1/#comment-62202 ALan Thu, 17 Nov 2011 23:35:49 +0000 http://www.webdigi.co.uk/blog/?p=31#comment-62202 Hi Terry, does this http://dl.dropbox.com/u/8512030/web_search_cron.php have any option to omit certain subdirectories? Hi Terry, does this http://dl.dropbox.com/u/8512030/web_search_cron.php
have any option to omit certain subdirectories?

]]> By: TerryH http://www.webdigi.co.uk/blog/2009/how-to-detect-if-your-webserver-is-hacked-and-get-alerted/comment-page-1/#comment-59798 TerryH Sun, 06 Nov 2011 08:46:02 +0000 http://www.webdigi.co.uk/blog/?p=31#comment-59798 Just noticed my error on the previous post: 1. 'deleted/modified/missing' should read 'added/modified/missing' regards Just noticed my error on the previous post:

1.
‘deleted/modified/missing’ should read ‘added/modified/missing’

regards

]]> By: TerryH http://www.webdigi.co.uk/blog/2009/how-to-detect-if-your-webserver-is-hacked-and-get-alerted/comment-page-1/#comment-59684 TerryH Sat, 05 Nov 2011 16:49:27 +0000 http://www.webdigi.co.uk/blog/?p=31#comment-59684 Hi Nik I have written another script without md5, which comes in 2 files (you won't get any 'Missing’ and ‘Modified' repetitions with these). Read the file comments for setup: 1. File 'web_search.php' This one will display all deleted/modified/missing files from the site route through to the deepest sub-directory and send an email alert to the nominated email address. The link for this file is: http://dl.dropbox.com/u/8512030/web_search.php 2. File 'web_search_cron.php' This is basically the same file without any formatting and no response at all where no changes are found. It is intended to be used as a scheduled task or cron job. The link for this file is: http://dl.dropbox.com/u/8512030/web_search_cron.php Hope you find the code useful - if you have a question, upload it here. Regards Hi Nik

I have written another script without md5, which comes in 2 files (you won’t get any ‘Missing’ and ‘Modified’ repetitions with these).

Read the file comments for setup:

1.
File ‘web_search.php’ This one will display all deleted/modified/missing files from the site route through to the deepest sub-directory and send an email alert to the nominated email address. The link for this file is:
http://dl.dropbox.com/u/8512030/web_search.php

2.
File ‘web_search_cron.php’ This is basically the same file without any formatting and no response at all where no changes are found. It is intended to be used as a scheduled task or cron job. The link for this file is:
http://dl.dropbox.com/u/8512030/web_search_cron.php

Hope you find the code useful – if you have a question, upload it here.

Regards

]]> By: Nick http://www.webdigi.co.uk/blog/2009/how-to-detect-if-your-webserver-is-hacked-and-get-alerted/comment-page-1/#comment-59209 Nick Wed, 02 Nov 2011 21:13:42 +0000 http://www.webdigi.co.uk/blog/?p=31#comment-59209 @TerryH Any chance of a copy of the latest version of your modified script? My email is: support banana camstudio apple org (Replace banana with @ and apple with a .) Thanks in advance Nick @TerryH

Any chance of a copy of the latest version of your modified script?

My email is: support banana camstudio apple org
(Replace banana with @ and apple with a .)

Thanks in advance

Nick

]]> By: iceorigin http://www.webdigi.co.uk/blog/2009/how-to-detect-if-your-webserver-is-hacked-and-get-alerted/comment-page-1/#comment-38443 iceorigin Sun, 15 May 2011 11:13:54 +0000 http://www.webdigi.co.uk/blog/?p=31#comment-38443 Thanks for developing this script,I have put it in my own server. Thanks for developing this script,I have put it in my own server.

]]> By: wcdspro http://www.webdigi.co.uk/blog/2009/how-to-detect-if-your-webserver-is-hacked-and-get-alerted/comment-page-1/#comment-35351 wcdspro Sun, 27 Mar 2011 20:23:57 +0000 http://www.webdigi.co.uk/blog/?p=31#comment-35351 Free service to detect website changes. Free service to detect website changes.

]]> By: TerryH http://www.webdigi.co.uk/blog/2009/how-to-detect-if-your-webserver-is-hacked-and-get-alerted/comment-page-1/#comment-30173 TerryH Wed, 26 Jan 2011 22:44:33 +0000 http://www.webdigi.co.uk/blog/?p=31#comment-30173 Forgot to say. If it's only email that's affected, check that you're server is not allowing open relay. Forgot to say. If it’s only email that’s affected, check that you’re server is not allowing open relay.

]]> By: TerryH http://www.webdigi.co.uk/blog/2009/how-to-detect-if-your-webserver-is-hacked-and-get-alerted/comment-page-1/#comment-30172 TerryH Wed, 26 Jan 2011 22:41:59 +0000 http://www.webdigi.co.uk/blog/?p=31#comment-30172 Hi Meg A site on my server was recently hacked. The hacker claimed to be a representative of Al Queda (probably a hoax) but I found files in the route directory that I didn't put there - index.htm, index.html some .asp files and some .txt files (which I wouldn't exclude in the above script, if I were you). Create new FTP accounts and delete the old ones. If you are using a dedicated server, change your RDT access password, and do it often. There's no point in installing the websitecds script until you know that your site is clean. Check sub-directories too. As far as I know, there's no script to detect the hacker's files. It has to be done manually. Hope that helps TerryH Hi Meg

A site on my server was recently hacked. The hacker claimed to be a representative of Al Queda (probably a hoax) but I found files in the route directory that I didn’t put there – index.htm, index.html some .asp files and some .txt files (which I wouldn’t exclude in the above script, if I were you). Create new FTP accounts and delete the old ones. If you are using a dedicated server, change your RDT access password, and do it often. There’s no point in installing the websitecds script until you know that your site is clean. Check sub-directories too. As far as I know, there’s no script to detect the hacker’s files. It has to be done manually.

Hope that helps

TerryH

]]>