Welcome to WebmasterWorld Guest from 220.127.116.11
Recently i have had my server hacked and php files were uploaded without my knowledge. The files were on the server for a long time before i spotted them.
I have patched the security hole that allowed the files to be uploaded but since i have so many files on my server - it is very difficult to know in future if this happens again.
I was hoping on an alert by email by anything such as a .php file was uploaded - that way if i have not uploaded this myself i will know immediately that there is a problem.
Perhaps there is a way to set this in apache or a pre-coded script is available somewhere online?
If not - would you think this is a large project to code from scratch?
Ideally i would want the alert however a .php files was placed on the server - upload, via a script, etc.
I think an email alert would be perfect as if i notice anything i had not uploaded or anyone else had not uploaded that was working on the site - i know straight away that the security has been compromised.
I have been working on a update for my site and there are many folders and files - it would be a mammoth tast to manually check these every day. Although the security hole has now been patched there are always new scripts, etc that may offer similar opertunitys in the future.
What worries me is that the file they uploaded went several months before being spotted and it was designed to get server access (passwords to just about anything).
So someone else has had access to my server for the last few months using it for something and i don't know what.
The only reason it was spotted is because Google has penalised my site and i had to look into why. It is likely because they did something Google did not like that i was unaware of.
I now have the hassle of checking every file on my server to see if anything else was placed & going through the process of a Google re-inclusion request, etc.
I knew while working on the update that there may be some security holes but was not too concerned as i had everything backed up - never thought it might lead to a Google penalisation.
Now at the last stages of the update - my traffic is low and it is a real downer.
I want to make sure the site is secure as can be so that if i can convince Google the site is now clean the problem will not happen again.
I would have though an email alert from certain file types would be a good thing and something others might have thought of in the past and perhaps there was a simple way of setting apache for this.
I am surpised that not many people have responded to this question as i am sure it is something that everyone would benefit from.
It's important to note that files are not "uploaded to Apache" - Apache is simply the program which serves the files via HTTP. So the question is, how are these files being uploaded? FTP? That would be the FTP daemon, not Apache.
If you hare running a Unix-based server operating system, you can run a cron job, say once a minute, to remove permissions of any .php files.