homepage Welcome to WebmasterWorld Guest from 54.224.53.192
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
Alert on file types uploaded?
Alert email informing me of any php files uploaded to apache?
HostingDirectory

10+ Year Member



 
Msg#: 3480290 posted 10:37 pm on Oct 17, 2007 (gmt 0)

Is there an easy way to record and be given an alert by email when certain file types are uploaded to my server?

Recently i have had my server hacked and php files were uploaded without my knowledge. The files were on the server for a long time before i spotted them.

I have patched the security hole that allowed the files to be uploaded but since i have so many files on my server - it is very difficult to know in future if this happens again.

I was hoping on an alert by email by anything such as a .php file was uploaded - that way if i have not uploaded this myself i will know immediately that there is a problem.

Perhaps there is a way to set this in apache or a pre-coded script is available somewhere online?

If not - would you think this is a large project to code from scratch?

Ideally i would want the alert however a .php files was placed on the server - upload, via a script, etc.

 

g1smd

WebmasterWorld Senior Member g1smd us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3480290 posted 11:00 pm on Oct 17, 2007 (gmt 0)

Maybe there is a way to BLOCK such files from being uploaded?

HostingDirectory

10+ Year Member



 
Msg#: 3480290 posted 9:08 pm on Oct 18, 2007 (gmt 0)

Well i do need to upload .php files myself but maybe blocking certain folders would be helpful.

I think an email alert would be perfect as if i notice anything i had not uploaded or anyone else had not uploaded that was working on the site - i know straight away that the security has been compromised.

I have been working on a update for my site and there are many folders and files - it would be a mammoth tast to manually check these every day. Although the security hole has now been patched there are always new scripts, etc that may offer similar opertunitys in the future.

What worries me is that the file they uploaded went several months before being spotted and it was designed to get server access (passwords to just about anything).
So someone else has had access to my server for the last few months using it for something and i don't know what.

The only reason it was spotted is because Google has penalised my site and i had to look into why. It is likely because they did something Google did not like that i was unaware of.

I now have the hassle of checking every file on my server to see if anything else was placed & going through the process of a Google re-inclusion request, etc.

I knew while working on the update that there may be some security holes but was not too concerned as i had everything backed up - never thought it might lead to a Google penalisation.

Now at the last stages of the update - my traffic is low and it is a real downer.

I want to make sure the site is secure as can be so that if i can convince Google the site is now clean the problem will not happen again.

I would have though an email alert from certain file types would be a good thing and something others might have thought of in the past and perhaps there was a simple way of setting apache for this.

I am surpised that not many people have responded to this question as i am sure it is something that everyone would benefit from.

encyclo

WebmasterWorld Senior Member encyclo us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3480290 posted 10:52 pm on Oct 18, 2007 (gmt 0)

Are you actually using PHP? If not, then you can simply disable PHP on the server, or at least remove the associated MIME-type for .php files (see RemoveType [httpd.apache.org]).

It's important to note that files are not "uploaded to Apache" - Apache is simply the program which serves the files via HTTP. So the question is, how are these files being uploaded? FTP? That would be the FTP daemon, not Apache.

If you hare running a Unix-based server operating system, you can run a cron job, say once a minute, to remove permissions of any .php files.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved