The Joomla! Forum ™



Forum rules


Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.



Post new topic Reply to topic  [ 10 posts ] 
Author Message
PostPosted: Sun Jun 15, 2008 9:44 pm 
Joomla! Explorer
Joomla! Explorer

Joined: Mon Dec 12, 2005 9:59 pm
Posts: 265
I have a site that's been hacked twice (despite implementation of nearly all recommended security measures). I am wondering how to write a cron job to automatically either check my files for changes, or folders for new files, or index.php for updates or something so that I can know about the hack attack before anyone else does should it happen again. I know how to cron jobs in cpanel but I don't know how to write the php code to do the checking for changes - here is a php file written for Wordpress: http://www.theblog.ca/file-change-notifications. Would this work for Joomla?


Top
 Profile  
 
PostPosted: Mon Jun 16, 2008 6:47 am 
User avatar
Joomla! Master
Joomla! Master

Joined: Thu Aug 18, 2005 10:41 am
Posts: 15753
Hi,

I think it ought to work, it just looks at files changed in the last 62 minutes and reports them through e-mail. All you need to do is adjust a relative path and probably the mail address. You could test it by altering a file yourself, that should get reported by the script.

By the way, nice find!

_________________
Regards Robin

http://www.linkedin.com/in/robinmuilwijk - http://twitter.com/i_robin


Top
 Profile  
 
PostPosted: Mon Jun 16, 2008 4:33 pm 
Joomla! Explorer
Joomla! Explorer

Joined: Mon Dec 12, 2005 9:59 pm
Posts: 265
This code works but I would like to exclude a couple of directories from the cron because they're always being updated (namely sh404SEF stuff) and I can't figure out the linux syntax for exclusion or how to include that in the main exec command.


Top
 Profile  
 
PostPosted: Mon Jun 16, 2008 6:29 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 12464
Location: The Girly Side of Joomla in Sussex
there is a much easier one line code to use which checks for mtime and ctime .,

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}


Top
 Profile  
 
PostPosted: Mon Jun 16, 2008 9:43 pm 
Joomla! Explorer
Joomla! Explorer

Joined: Mon Dec 12, 2005 9:59 pm
Posts: 265
What is that and what does it do?


Top
 Profile  
 
PostPosted: Tue Jun 17, 2008 9:30 am 
User avatar
Joomla! Master
Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 12464
Location: The Girly Side of Joomla in Sussex
there are several options that can be done, but be prepared for several

set up a cron job with the following line
Code:
find \public_html -type f -mtime -1 -exec ls -ls {} \;


this will produce a report line similar to this
Code:
-rw-rw-rw-  1 nobody nobody 341 Jun 16 09:13 public_html/goss/cache/sql_d08dfb.php


a code like this
Code:
find \public_html -mtime -1

will result in an email as sparse as this
Code:
 public_html/cam.jpg


there are different variations you can use and will all depend on the level of reporting you require. this helps on chcecking for modifications and creations but obviously user input is required on reading the emails!

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}


Top
 Profile  
 
PostPosted: Tue Jun 17, 2008 3:31 pm 
Joomla! Explorer
Joomla! Explorer

Joined: Mon Dec 12, 2005 9:59 pm
Posts: 265
The guy who developed the original script for checking for changed files had an example for modifying the exec command so that certain files or folders are excluded:
Code:
exec('find /home/username/public_html -name error_log -prune -o -path \'/home/username/public_html/components/com_sef\' -prune -o -cmin -62 -print', $last_changed);


This works very well - just make if setting up the cron tab through cpanel that you leave the email address blank or else you will be receiving emails every hour when the script runs.

Here is my entire script:
Code:
<?php

/*
This file e-mails you a list of all modified files in a certain directory
Run this file via cron every hour

"Find" shell command code syntax from:
http://www.mydigitallife.info/2006/01/19/find-files-that-are-modified-today-or-since-certain-time-ago-in-unix/
and from:
http://linux.about.com/od/commands/l/blcmdl1_find.htm
*/

// Shell command that finds all files below a certain directory that modified within the last 62 minutes
// Replace the file path (absolute or relative to this script's location) as necessary
exec('find /home/username/public_html/ -name error_log -prune -o -path \'/home/username/public_html/administrator/components/com_sef\' -prune -o -path \'/home/username/public_html/components/com_sef\' -prune -o -cmin -62 -print', $last_changed);

// Only e-mail the results if anything has changed
if ( count ( $last_changed ) > 0 ) {

    // E-mail settings
    $sendto = "E-mail receiver <myemail@mydomain.com>";
    $sendfrom = "File change script <noreply@mydomain.com>";
    $sendsubject = "yoursite.com file change notice";

    // Results of files last modified
    $email_output = 'Files modified in the last hour:';
    $email_output .= "\n";
    $email_output .= "\n";
    $last_changed_files = implode ( "\n", $last_changed);
    $email_output .= $last_changed_files;

    // Mail the file
    // You can also use the PEAR Mail package (http://pear.php.net/package/Mail) or a similar script for more robust mailing

    // Line break, which we will used for the headers
    $send_eol = "\r\n";

    $send_headers = 'From: ' . $sendfrom . $send_eol;
    $send_headers .= 'Reply-To: ' . $sendfrom . $send_eol;
    $send_headers .= 'Return-Path: ' . $sendfrom . $send_eol;

    // Send!
    mail($sendto, $sendsubject, $email_output, $send_headers);
}
?>


Top
 Profile  
 
PostPosted: Sat Jun 11, 2011 12:37 am 
Joomla! Fledgling
Joomla! Fledgling

Joined: Fri Jun 10, 2011 11:38 pm
Posts: 4
Thanks for the above code (read the thread with much interest). I had issues getting it to work on one of my sites but am almost there. I have my cron job running every 15 minutes and within 20 minutes of a RFI I was back up and running again.

I changed the script slightly as was getting errors and wondering if its possibe to parameratise<sp> the folders to prune? or, to be able to have each folder exclusion on a seperate line (I've tried loads of ways but it keeps on throwing errors). this is my current string...

exec('find /home/secret/public_html -name com_akeeba -prune -o -name cache -prune -o -name error_log -prune -o -name rsgallery -prune -o -name logs -prune -o -name com_sh404sef -prune -o -type f -cmin -17 -print', $last_changed);


Top
 Profile  
 
PostPosted: Sun Jun 12, 2011 4:08 am 
Joomla! Explorer
Joomla! Explorer

Joined: Mon Dec 12, 2005 9:59 pm
Posts: 265
I'm not sure this works with PHP 5.3 - if anybody has any suggestions for how to get it to comply with PHP 5.3, please post them here. Meanwhile I will keep researching....


Top
 Profile  
 
PostPosted: Thu Sep 15, 2011 12:38 am 
Joomla! Fledgling
Joomla! Fledgling

Joined: Thu Sep 15, 2011 12:26 am
Posts: 1
Could not open input file: /home/allweb/public_html/cron.php


I keep getting the error above, has anyone got a solution?
I have been searching but most of the solutions don't seem to work
Advise would be most welcome.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 10 posts ] 



Who is online

Users browsing this forum: Exabot [Bot] and 20 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group