I have a dedicated CentOS server, and one of my sites got hacked. So please, can anyone help with this security issue? I need to get an email alert if anyone ...
- 03-05-2013 #1
- Join Date
- Dec 2011
How to get an email alert from a Linux server when any file is updated.
So please, can anyone help with this security issue?
I need to get an email alert if anyone updated or created a PHP file on my server in the last 24 hours.
Is there any Perl script to do this job, as well as any cron job code?
Is there any other tool to monitor files and send an email alert on a daily basis?
Thanks in advance.
- 03-05-2013 #2
Have a look at aide
But there are two catches:
1) The compare database needs to be in a secure place and readonly.
If the attacker can modify it, then the integrity scan cannot be trusted.
2) On every system update, you need to update and secure the new aide.db again.
So in short: This is not a fire&forget tool, it does increase maintenance work by quite a bit.
You must always face the curtain with a bow.
- 03-06-2013 #3
- Join Date
- Mar 2013
It can be done easier. Let's start with breaking down the attack into two distinct common types:
2) Malware infection
These will be the bulk of your problem, so we will concentrate on fixing these with minimal effort.
The malware problem can be dealt with using off-the-shelf tools and major search engines will even allow you to opt-in to receive webmaster mail with alerts of this kind.
But let's face the defacing.
The attacker will want to use your default URI (/index.htm, /) to display his claim to the world, typically radical political views. He may leave the rest be or delete it, but that's just vandalism and it's not in their interest to bother with it much.
To take advantage of this predictable behavior, you need to find a web host that supports PHP, cron and mailing. You see where this is going. Have the remote script check your homepage often. A parameter that drops any dynamic content will help a lot: www.example.com/?static can then drop all load averages, headlines, RSS, name days and the like to produce the same output every time. The remote script will remember the hash of that and notify you when it changes. It will help to generate a hash of the "/?static" secret REQUEST_URI and compare the hash in your index script, to deter smart hackers who will try to supply the unmodified version to your checking script. This way, they won't be able to find out the secret parameter to avoid the trap. Salt the hash with index.php itself to make it more robust, but this will require external storage of the hash, in a separate file. It's worth the trouble, lest the hacker insert code to eavesdrop on your secret parameter.