homepage Welcome to WebmasterWorld Guest from 54.226.191.80
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque

Webmaster General Forum

    
Timely hacked alert
What do you do to be alerted of hacking as soon as possible
joelgreen




msg:4181143
 1:46 pm on Aug 3, 2010 (gmt 0)

One of my sites was hacked - hidden iframe inserted at the end. I only noticed/took care of that about a week later (updated popular forum software to latest version, 403d suspicious requests by patterns). Compared source code with backup files to determine what changes have been made by hackers to recover. Fortunately there was no db changes.

I have some programming skills, so thinking of creating a script which would create a db of filename/size, check these periodically, and send me an email in case of changes or if new files added. Sure there will have to be a lot of settings like folders to skip (downloads), etc. This approach will not take care of db-driven hacks though. I'm not security expert, so maybe such a script is a bad idea.
Another idea - have some external service to track changes to few important site pages. But this approach will not work on dynamic sites (like news etc.), will not reveal new files (backdoors/shells), and will eat traffic.

What do you do to be alerted of hacking as soon as possible?

Thanks!

 

joelgreen




msg:4182777
 9:21 pm on Aug 5, 2010 (gmt 0)

Created php script (requires SQLite3) which detects filesize changes and newly added files on the server (not yet tracking deleted). Collects detected changes and sends report by email. Scheduled it as cron job on my site. So far working good. Still do not know how they hacked me.

adrianTNT




msg:4182786
 9:38 pm on Aug 5, 2010 (gmt 0)

Maybe you got infected on local computer? In my case the free Avast antivirus didnt notice the infection, AVG internet trial did.

engine




msg:4183149
 3:37 pm on Aug 6, 2010 (gmt 0)

Joelgreen, I found exactly that kind of hack the other day. I still haven't found out how it happened.

Sgt_Kickaxe




msg:4187580
 8:50 am on Aug 16, 2010 (gmt 0)

I got a chuckle last week. Some schmuck spent over 4 hours trying to hack into my site. The stuff he was trying indicates he wanted access to the database.

The irony - the site had no database, it's a good ol' fashioned html site with 40 different, hand typed/coded, articles. I hope he comes back.

I don't worry too much about hacking on my sites, I make regular backups and store them off site. More importantly I "do the rounds" each day to check stats and perform minor maintenance. If you keep up with things daily any problems can be quickly spotted and fixed.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved