Joomla! Discussion Forums



It is currently Sun Nov 22, 2009 4:02 am (All times are UTC )

 


Forum rules

Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.



Post new topic Reply to topic  [ 7 posts ] 
Author Message
Posted: Sun Jun 15, 2008 9:44 pm 
Joomla! Explorer
Joomla! Explorer
Offline

Joined: Mon Dec 12, 2005 9:59 pm
Posts: 254
I have a site that's been hacked twice (despite implementation of nearly all recommended security measures). I am wondering how to write a cron job to automatically either check my files for changes, or folders for new files, or index.php for updates or something so that I can know about the hack attack before anyone else does should it happen again. I know how to cron jobs in cpanel but I don't know how to write the php code to do the checking for changes - here is a php file written for Wordpress: http://www.theblog.ca/file-change-notifications. Would this work for Joomla?


Top
  E-mail  
 
Posted: Mon Jun 16, 2008 6:47 am 
User avatar
Joomla! Master
Joomla! Master
Offline

Joined: Thu Aug 18, 2005 10:41 am
Posts: 15089
Hi,

I think it ought to work, it just looks at files changed in the last 62 minutes and reports them through e-mail. All you need to do is adjust a relative path and probably the mail address. You could test it by altering a file yourself, that should get reported by the script.

By the way, nice find!

_________________
Regards Robin


Top
   
 
Posted: Mon Jun 16, 2008 4:33 pm 
Joomla! Explorer
Joomla! Explorer
Offline

Joined: Mon Dec 12, 2005 9:59 pm
Posts: 254
This code works but I would like to exclude a couple of directories from the cron because they're always being updated (namely sh404SEF stuff) and I can't figure out the linux syntax for exclusion or how to include that in the main exec command.


Top
  E-mail  
 
Posted: Mon Jun 16, 2008 6:29 pm 
User avatar
Joomla! Virtuoso
Joomla! Virtuoso
Offline

Joined: Mon Mar 20, 2006 1:56 am
Posts: 3635
Location: The Girly Side of Joomla in Sussex
there is a much easier one line code to use which checks for mtime and ctime .,

_________________
HU2HY - GIGO - Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and just deleted
http://community.joomla.org/ Connect Administrator
Avez-vous lu les instructions ? Avez-vous recherché ?


Top
   
 
Posted: Mon Jun 16, 2008 9:43 pm 
Joomla! Explorer
Joomla! Explorer
Offline

Joined: Mon Dec 12, 2005 9:59 pm
Posts: 254
What is that and what does it do?


Top
  E-mail  
 
Posted: Tue Jun 17, 2008 9:30 am 
User avatar
Joomla! Virtuoso
Joomla! Virtuoso
Offline

Joined: Mon Mar 20, 2006 1:56 am
Posts: 3635
Location: The Girly Side of Joomla in Sussex
there are several options that can be done, but be prepared for several

set up a cron job with the following line
Code:
find \public_html -type f -mtime -1 -exec ls -ls {} \;


this will produce a report line similar to this
Code:
-rw-rw-rw-  1 nobody nobody 341 Jun 16 09:13 public_html/goss/cache/sql_d08dfb.php


a code like this
Code:
find \public_html -mtime -1

will result in an email as sparse as this
Code:
public_html/cam.jpg


there are different variations you can use and will all depend on the level of reporting you require. this helps on chcecking for modifications and creations but obviously user input is required on reading the emails!

_________________
HU2HY - GIGO - Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and just deleted
http://community.joomla.org/ Connect Administrator
Avez-vous lu les instructions ? Avez-vous recherché ?


Top
   
 
Posted: Tue Jun 17, 2008 3:31 pm 
Joomla! Explorer
Joomla! Explorer
Offline

Joined: Mon Dec 12, 2005 9:59 pm
Posts: 254
The guy who developed the original script for checking for changed files had an example for modifying the exec command so that certain files or folders are excluded:
Code:
exec('find /home/username/public_html -name error_log -prune -o -path \'/home/username/public_html/components/com_sef\' -prune -o -cmin -62 -print', $last_changed);


This works very well - just make if setting up the cron tab through cpanel that you leave the email address blank or else you will be receiving emails every hour when the script runs.

Here is my entire script:
Code:
<?php

/*
This file e-mails you a list of all modified files in a certain directory
Run this file via cron every hour

"Find" shell command code syntax from:
http://www.mydigitallife.info/2006/01/19/find-files-that-are-modified-today-or-since-certain-time-ago-in-unix/
and from:
http://linux.about.com/od/commands/l/blcmdl1_find.htm
*/

// Shell command that finds all files below a certain directory that modified within the last 62 minutes
// Replace the file path (absolute or relative to this script's location) as necessary
exec('find /home/username/public_html/ -name error_log -prune -o -path \'/home/username/public_html/administrator/components/com_sef\' -prune -o -path \'/home/username/public_html/components/com_sef\' -prune -o -cmin -62 -print', $last_changed);

// Only e-mail the results if anything has changed
if ( count ( $last_changed ) > 0 ) {

    // E-mail settings
    $sendto = "E-mail receiver <myemail@mydomain.com>";
    $sendfrom = "File change script <noreply@mydomain.com>";
    $sendsubject = "yoursite.com file change notice";

    // Results of files last modified
    $email_output = 'Files modified in the last hour:';
    $email_output .= "\n";
    $email_output .= "\n";
    $last_changed_files = implode ( "\n", $last_changed);
    $email_output .= $last_changed_files;

    // Mail the file
    // You can also use the PEAR Mail package (http://pear.php.net/package/Mail) or a similar script for more robust mailing

    // Line break, which we will used for the headers
    $send_eol = "\r\n";

    $send_headers = 'From: ' . $sendfrom . $send_eol;
    $send_headers .= 'Reply-To: ' . $sendfrom . $send_eol;
    $send_headers .= 'Return-Path: ' . $sendfrom . $send_eol;

    // Send!
    mail($sendto, $sendsubject, $email_output, $send_headers);
}
?>


Top
  E-mail  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 7 posts ] 

Quick reply

 



Who is online

Users browsing this forum: No registered users and 13 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group