Cron job to check for code changes?

latristesse · **Joined:** Mon Dec 12, 2005 9:59 pm **Posts:** 254

I have a site that's been hacked twice (despite implementation of nearly all recommended security measures). I am wondering how to write a cron job to automatically either check my files for changes, or folders for new files, or index.php for updates or something so that I can know about the hack attack before anyone else does should it happen again. I know how to cron jobs in cpanel but I don't know how to write the php code to do the checking for changes - here is a php file written for Wordpress: http://www.theblog.ca/file-change-notifications. Would this work for Joomla?

Robin · **Joined:** Thu Aug 18, 2005 10:41 am **Posts:** 15089

Hi,

I think it ought to work, it just looks at files changed in the last 62 minutes and reports them through e-mail. All you need to do is adjust a relative path and probably the mail address. You could test it by altering a file yourself, that should get reported by the script.

By the way, nice find!

latristesse · **Joined:** Mon Dec 12, 2005 9:59 pm **Posts:** 254

This code works but I would like to exclude a couple of directories from the cron because they're always being updated (namely sh404SEF stuff) and I can't figure out the linux syntax for exclusion or how to include that in the main exec command.

mandville · **Posted:** Mon Jun 16, 2008 6:29 pm

there is a much easier one line code to use which checks for mtime and ctime .,

latristesse · **Joined:** Mon Dec 12, 2005 9:59 pm **Posts:** 254

What is that and what does it do?

mandville · **Posted:** Tue Jun 17, 2008 9:30 am

there are several options that can be done, but be prepared for several

set up a cron job with the following line

Code:

find \public_html -type f -mtime -1 -exec ls -ls {} \;

this will produce a report line similar to this

Code:

-rw-rw-rw-  1 nobody nobody 341 Jun 16 09:13 public_html/goss/cache/sql_d08dfb.php

a code like this

Code:

find \public_html -mtime -1

will result in an email as sparse as this

Code:

public_html/cam.jpg

there are different variations you can use and will all depend on the level of reporting you require. this helps on chcecking for modifications and creations but obviously user input is required on reading the emails!

latristesse · **Joined:** Mon Dec 12, 2005 9:59 pm **Posts:** 254

The guy who developed the original script for checking for changed files had an example for modifying the exec command so that certain files or folders are excluded:

Code:

exec('find /home/username/public_html -name error_log -prune -o -path \'/home/username/public_html/components/com_sef\' -prune -o -cmin -62 -print', $last_changed);

This works very well - just make if setting up the cron tab through cpanel that you leave the email address blank or else you will be receiving emails every hour when the script runs.

Here is my entire script:

Code:

<?php

/*
This file e-mails you a list of all modified files in a certain directory
Run this file via cron every hour

"Find" shell command code syntax from:
http://www.mydigitallife.info/2006/01/19/find-files-that-are-modified-today-or-since-certain-time-ago-in-unix/
and from:
http://linux.about.com/od/commands/l/blcmdl1_find.htm
*/

// Shell command that finds all files below a certain directory that modified within the last 62 minutes
// Replace the file path (absolute or relative to this script's location) as necessary
exec('find /home/username/public_html/ -name error_log -prune -o -path \'/home/username/public_html/administrator/components/com_sef\' -prune -o -path \'/home/username/public_html/components/com_sef\' -prune -o -cmin -62 -print', $last_changed);

// Only e-mail the results if anything has changed
if ( count ( $last_changed ) > 0 ) {

    // E-mail settings
    $sendto = "E-mail receiver <myemail@mydomain.com>";
    $sendfrom = "File change script <noreply@mydomain.com>";
    $sendsubject = "yoursite.com file change notice";

    // Results of files last modified
    $email_output = 'Files modified in the last hour:';
    $email_output .= "\n";
    $email_output .= "\n";
    $last_changed_files = implode ( "\n", $last_changed);
    $email_output .= $last_changed_files;

    // Mail the file
    // You can also use the PEAR Mail package (http://pear.php.net/package/Mail) or a similar script for more robust mailing

    // Line break, which we will used for the headers
    $send_eol = "\r\n";

    $send_headers = 'From: ' . $sendfrom . $send_eol;
    $send_headers .= 'Reply-To: ' . $sendfrom . $send_eol;
    $send_headers .= 'Return-Path: ' . $sendfrom . $send_eol;

    // Send!
    mail($sendto, $sendsubject, $email_output, $send_headers);
}
?>

Joomla! Discussion Forums

Forum rules

Cron job to check for code changes?

Quick reply

Who is online