Msg#: 4181141 posted 1:46 pm on Aug 3, 2010 (gmt 0)
One of my sites was hacked - hidden iframe inserted at the end. I only noticed/took care of that about a week later (updated popular forum software to latest version, 403d suspicious requests by patterns). Compared source code with backup files to determine what changes have been made by hackers to recover. Fortunately there was no db changes.
I have some programming skills, so thinking of creating a script which would create a db of filename/size, check these periodically, and send me an email in case of changes or if new files added. Sure there will have to be a lot of settings like folders to skip (downloads), etc. This approach will not take care of db-driven hacks though. I'm not security expert, so maybe such a script is a bad idea. Another idea - have some external service to track changes to few important site pages. But this approach will not work on dynamic sites (like news etc.), will not reveal new files (backdoors/shells), and will eat traffic.
What do you do to be alerted of hacking as soon as possible?
Msg#: 4181141 posted 9:21 pm on Aug 5, 2010 (gmt 0)
Created php script (requires SQLite3) which detects filesize changes and newly added files on the server (not yet tracking deleted). Collects detected changes and sends report by email. Scheduled it as cron job on my site. So far working good. Still do not know how they hacked me.
Msg#: 4181141 posted 8:50 am on Aug 16, 2010 (gmt 0)
I got a chuckle last week. Some schmuck spent over 4 hours trying to hack into my site. The stuff he was trying indicates he wanted access to the database.
The irony - the site had no database, it's a good ol' fashioned html site with 40 different, hand typed/coded, articles. I hope he comes back.
I don't worry too much about hacking on my sites, I make regular backups and store them off site. More importantly I "do the rounds" each day to check stats and perform minor maintenance. If you keep up with things daily any problems can be quickly spotted and fixed.