Skip to content
/ FileWatcher Public
forked from PHPGangsta/FileWatcher

This PHP class detects file changes and sends alarms. Useful for detecting hackers changing website files.

phpgangsta.de/3265
0 stars 8 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jassyr/FileWatcher

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits

PHPMailer_5.2.0

PHPMailer_5.2.0

 
 

.gitignore

.gitignore

 
 

FileWatcher.config.php

FileWatcher.config.php

 
 

FileWatcher.php

FileWatcher.php

 
 

README.md

README.md

 
 

example.php

example.php

 
 

Repository files navigation

FileWatcher PHP class

Usage:

edit FileWatcher.config.php and set email address, password and all paths and filenames

create your main script, see example.php. Should be more or less 4 lines like this:

<?php

require_once 'FileWatcher.php';
$fileWatcher = new FileWatcher();

$fileWatcher->readConfig('FileWatcher.config.php')
            ->checkNow();

upload everything important to your website (you don't need README and ToDo).

run this script on the server regularly (password and overallHash are optional):

http://www.domain.de/example.php

or from CLI:

php example.php

make sure 2 files have been created on the first run: FileWatcher.log and FileWatcher.MasterHashes.txt

Security considerations:

  • If you want to make it a little bit more secure you can set a password and provide it via GET, POST or CLI parameter. POST is preferrred over GET, for example via curl or wget, then the password is not logged to Apache access.log
  • You can also provide the script with an overall hash that you provide via GET or POST like this: http://www.domain.de/example.php?password=YourPassword&overallhash=243a7ab8c30ebdf31728fd947a1bab0ad7ddfc65
  • If possible you should put all data outside your document root, otherwise the hacker could also change these files and disable your FileWatcher or manipulate the master hashes file. Obviously then you cannot use the obove http calls, you then have to work with local cronjobs on the machine.

ToDo:

  • add example calls with curl or wget when sending POST data to the script
  • provide more information about new/deleted/changed files: modified time, creation time, on a new file perhaps the first 10 lines?
  • add additional parameters to mail() call, for example sendmail sometimes needs -f
  • change alert methods to a plugin structure, so new alert methods can be added easily
  • make alert email a bit nicer, perhaps a nice html mail with a table and color codes, like a colored diff?
  • add logFilename and masterHashesFilename to exclude dir if includePaths contains .
  • also support checking filesize and last-modified-timestamp, that should be faster on large or many files
  • maybe skipping of excluded files (excludeFolderList, excludeExtensionList) is easier with FilterIterator

Notes:

If you like this script or have some features to add, contact me, fork this project, send pull requests, you know how it works.

About

This PHP class detects file changes and sends alarms. Useful for detecting hackers changing website files.

phpgangsta.de/3265

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • PHP 82.0%
  • CSS 9.5%
  • HTML 8.5%