phpHackChecker: sends you a report of all changed files on your server

20 Mar
Posted by aRo` as php, tools
This is an example with a

headline
`
This php script will send you a mail with all the files that have been changed within an interval you specify.  
I created this script because someone hacked into my shared hosting account and added some hidden spammy link into my templates. And since most shared hosting accounts do not have any kind of logfiles available, it is almost impossible for you to find out how the hacker got in. I could even be, the hacker got acces to your files by hacking another shared hosting account on that server.
With this script you will at least be notified when someone has changed the files on your server.
settings:
PLAIN TEXT
PHP:




$from="name@domain.com";


$to="name@domain.com";


$subject="changes on webhosting";


$domain = "yourdomain.com";


 


$settings = array( array( 


                wwwname => 'htdocs1',


                wwwdirectory => '/mounted-storage/home/website1.com' 


            ),


            array( 


                wwwname => 'htdocs2',


                wwwdirectory => '/mounted-storage/home/website2.com' 


            )


         ); 






functions
PLAIN TEXT
PHP:




function url_remove_lastslash($url){    


    if (substr($url,strlen($url)-1,1)=="/"){


        return substr($url,0,strlen($url)-1);


    }else{


        return $url;


    }


}


 


$results =  array();


function getfiles($path_start) {


    global $results;


    $dir = @opendir($path_start);


    while (false!=($file = @readdir($dir))) {


        if ($file != "." && $file != "..") {


        


            $file_path = url_remove_lastslash($path_start) . "/" .  $file;


            if(is_dir($file_path)){


                getfiles ($file_path);


            }


            $date_mod = filemtime($file_path); //get last modified date of file


            if(trim($date_mod) <> ""){


                            


                $date_mod = date("Y-m-d", $date_mod);         


                $yr = substr($date_mod,0,4); //display 'new' image if item not-older than 7days


                $mnth = substr($date_mod,5,2); 


                $dy = substr($date_mod,8,2); 


                $newday = date("Y-m-d", mktime(0,0,0,$mnth,$dy + 2,$yr)); 


                $now = date("Y-m-d");


                //echo $yr .$mnth . $dy."<br>";


                


                    if (($now <= $newday)  ) {


                        //echo $file_path . " " . $date_mod  . " " . $now  . " " . $newday. $yr .$mnth . $dy."<br>";


                        $results[$file_path][0] = $file_path ;


                        $results[$file_path][1] =  $date_mod;


                    }


            }


 


        }


 


    }


} 






check all hosting accounts & create mailbody
PLAIN TEXT
PHP:




foreach ($settings as $setting){


    $results =  array();


    $date_change = "";


    $filename= "";


    


    getfiles($setting['wwwdirectory']);


    


    $mail_body .=  "<b>".$setting['wwwname']."</b><br/>";


    


    //sort by change date


    foreach ($results as $key => $row) {


        $date_change[$key]  = $row[0];


        $filename[$key] = $row[1];


        


    }


    


    //array_multisort($filename, SORT_DESC, $date_change, SORT_ASC, $results);


    


    foreach ($results as $result){


        $mail_body .=  $result[1] . ": " . str_replace($setting['wwwdirectory'],"",$result[0])."<br/>";


    }


    


} 






mail the changed files
PLAIN TEXT
PHP:




$headers="";


   $headers .= "X-Sender:  $from <$from>\n"; // 


   $headers .="From: $from <$from>\n";


   $headers .= "Reply-To: $from <$from>\n";


   $headers .= "Date: ".date("r")."\n";


   $headers .= "Message-ID: <".date("YmdHis")."$from>\n";


   $headers .= "Subject: $subject\n";


   $headers .= "Return-Path: $from <$from>\n";


   $headers .= "Delivered-to: $from <$from>\n";


   $headers .= "MIME-Version: 1.0\n";


   $headers .= "Content-type: text/html;charset=ISO-8859-9\n";


   $headers .= "X-MSMail-Priority: Normal\n";


   $headers .= "X-Mailer: Mail send from ".$domain."!\n";


 


   //mail to customer


   if(mail($to,$subject,$mail_body,$headers)){


     echo "job executed succesfully";


   }else{


        echo "error executing job";


   } 






You can download a copy of  phpHackChecker here. Change the file extension to ".php".
Popularity: 24% [?]


      
 
Related Posts

compare 2 files
basic linux commands overview
do you trust your webhost ?
paypal ipn postback on a custom port.
Connection to access or MS SQL database in ASP