Checking Your Web Site for Changed Files

I manage several web sites. Most of them are for my amusement. A monthly count of visits to some of these sites can probably be counted on one finger of one hand.

I also manage a few WordPress-based sites. Some of them have a reasonable amount of traffic. As with any type of site, there is a possibility of an attack that might insert some malware code into a page.

An example of this is the recent attack against WordPress sites, by trying to log in as the ‘admin’ user using a dictionary attack of passwords. There were many WordPress sites that were successfully compromised due to poor security or password practices. (See this entry.)

Now the WordPress sites that I manage weren’t compromised with this attack. I always create a new admin-level user and select a strong password. I then log in as that new admin-level user, then demote the existing ‘admin’ user to the lowest authority level, ensuring it has a strong (and different) password. That way, that ‘admin’ user is still there, but a successful login of ‘admin’ would not give the attacker any privileges.

Other sites that I have created and manage are written in PHP, and there is the possibility of attacks there, although I do try to write code that prevents exploitation.

But I needed a way to check a bunch of sites, and alert me if files have been changed. There are paid programs to do that, but a well-written custom program would work too. Here are the requirements for such a program.

  • The program should look at all files on the site, and compute a ‘hash’ of some sort.
  • The program should store those file names and hash values in a database table.
  • Each time the program runs, it should compare the current file/hash values with the values stored in the database. If the values do not match, then the file has changed.
  • If there are new files on the site, the program should add those to the database.
  • The results of new and changed files should be emailed to me.
  • The process should be automatically scheduled to run on a regular basis.

That sounds reasonable enough. Since I am the owner of the site, I should be able to look at the email and determine if there were any files changed or added that I don’t know about. Then I can investigate further to see why the file had changed. It would be a good program to have on a web site to be alerted about changes.
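The compare-and-store steps from the requirements list, as an added example in Python; this is not the HashFiles program itself. The SQLite table `files`, the function names and the choice of SHA-256 are assumptions, the code also reports deleted files (which the list does not ask for), and emailing the report and scheduling the run are left to the caller.

```python
# Added example: table name, function names and SHA-256 are assumptions.
import hashlib
import os
import sqlite3

def hash_file(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def scan_site(root, db_path):
    """Compare files under root with the baseline in db_path, then update it.
    Returns (new, changed, missing) lists of paths relative to root."""
    conn = sqlite3.connect(db_path)
    conn.execute("CREATE TABLE IF NOT EXISTS files "
                 "(path TEXT PRIMARY KEY, hash TEXT NOT NULL)")
    stored = dict(conn.execute("SELECT path, hash FROM files"))
    new, changed, seen = [], [], set()
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip symlinks and special files
            rel = os.path.relpath(full, root)
            seen.add(rel)
            current = hash_file(full)
            if rel not in stored:
                new.append(rel)
            elif stored[rel] != current:
                changed.append(rel)
            else:
                continue  # unchanged, nothing to store
            conn.execute("INSERT OR REPLACE INTO files (path, hash) "
                         "VALUES (?, ?)", (rel, current))
    missing = sorted(set(stored) - seen)  # in the baseline, gone from disk
    conn.executemany("DELETE FROM files WHERE path = ?", [(p,) for p in missing])
    conn.commit()
    conn.close()
    return sorted(new), sorted(changed), missing

def format_report(new, changed, missing):
    """Build the plain-text body that would be emailed to the site owner."""
    lines = []
    for label, paths in (("NEW", new), ("CHANGED", changed), ("MISSING", missing)):
        lines += [f"{label}: {p}" for p in paths]
    return "\n".join(lines) or "No changes detected."
```

Keep the database file outside the directory being scanned: inside it, the database would be reported as changed on every run, and anyone able to write to the site could rewrite the baseline along with the files.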

Now, there are probably programs out there that do that – paid or open-source. But it would be a good exercise for me to write one of my own. Of course, there might be some code fragments out there in the ‘googles’ that might be useful and save some programming time. But the result would be something that would be very useful to me.

So that’s what I did. The result is a program I call “HashFiles”. It is a fairly simple process, and will work with small and large sites. And it does each of the items in my requirements list. I am rather pleased with myself for figuring it out.

So I decided that the program might be useful for others. If you are interested (and this is assuming that anyone is really reading this blog besides me – perhaps a generous assumption), please indicate your interest in a comment.