Checking websites for intrusions

When I recently installed this blog, I thought about how you could monitor a website for intrusions. Almost all sites use some kind of content management system, blog or other portal software. Unfortunately, we all know that software has flaws and that there are script kiddies out there who do not hesitate to exploit them as soon as they are found. Since most small sites and blogs are hosted on simple PHP/MySQL webspace, it is not easy to monitor the integrity of your site when the web application has hundreds of files buried deep in a directory hierarchy and you only have FTP access to browse through it.

I googled for tools that create checksums for websites but I didn’t find much, so I started creating a PHP application for that purpose. My prototype has the following functionality:

  • generating an XML list with checksums (SHA1) and file dates for a complete directory tree
  • the XML list can be downloaded to be stored locally
  • the XML checksum list can later be uploaded to be compared against the current state of the website
  • a comparison is computed and displayed, showing all modified, new and missing files, along with what has changed (date, size, checksum).
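
The workflow in the list above, sketched as an added example (this is not the author's tool or its code): the function names and the `<manifest>`/`<file>` XML layout are assumptions, since the post gives no schema, and the demo tree at the end is constructed.

```php
<?php // Added example, not the author's tool; the <manifest>/<file> XML layout is assumed.
function build_manifest(string $root): array {
    $files = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS));
    foreach ($it as $f) {
        if (!$f->isFile()) continue;
        // relative path; assumes POSIX separators and a $root without trailing slash
        $rel = substr($f->getPathname(), strlen($root) + 1);
        $files[$rel] = ['size' => $f->getSize(), 'mtime' => $f->getMTime(),
                        'sha1' => sha1_file($f->getPathname())];
    }
    ksort($files); return $files;   // sorted so two runs produce the same order
}
function manifest_to_xml(array $files): string {
    $doc = new DOMDocument('1.0', 'UTF-8');
    $rootEl = $doc->appendChild($doc->createElement('manifest'));
    foreach ($files as $path => $meta) {
        $el = $rootEl->appendChild($doc->createElement('file'));
        $el->setAttribute('path', (string)$path);
        foreach ($meta as $k => $v) $el->setAttribute($k, (string)$v);
    }
    return $doc->saveXML();
}
function xml_to_manifest(string $xml): array {
    $doc = new DOMDocument();
    // LIBXML_NONET: an uploaded manifest must never trigger network fetches
    if (!$doc->loadXML($xml, LIBXML_NONET)) throw new RuntimeException('bad manifest');
    $files = [];
    foreach ($doc->getElementsByTagName('file') as $el) {
        $files[$el->getAttribute('path')] = ['size' => (int)$el->getAttribute('size'),
            'mtime' => (int)$el->getAttribute('mtime'), 'sha1' => $el->getAttribute('sha1')];
    }
    return $files;
}
function compare_manifests(array $old, array $new): array {
    $report = ['new' => array_keys(array_diff_key($new, $old)),
               'missing' => array_keys(array_diff_key($old, $new)), 'modified' => []];
    foreach (array_intersect_key($new, $old) as $path => $meta) {
        $changed = array_keys(array_diff_assoc($meta, $old[$path])); // size, mtime, sha1
        if ($changed) $report['modified'][$path] = $changed;
    }
    return $report;
}
$dir = sys_get_temp_dir() . '/manifest_demo_' . getmypid();  // constructed demo tree
mkdir("$dir/inc", 0700, true);
file_put_contents("$dir/index.php", 'v1'); file_put_contents("$dir/inc/old.php", 'v1');
$baseline = manifest_to_xml(build_manifest($dir));           // download and keep locally
file_put_contents("$dir/index.php", 'v2 changed'); unlink("$dir/inc/old.php");
file_put_contents("$dir/inc/added.php", 'v1');
print_r(compare_manifests(xml_to_manifest($baseline), build_manifest($dir)));
```

File dates can be reset by anyone able to write to the webspace, so the `sha1` field is the one to trust when a file is reported as modified. The comparison is only meaningful if the baseline manifest is the copy stored locally, not one left on the server.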

Here are two screenshots that show the current development version:

Main Form - generate and compare checksums

Checksum Comparison View

I will continue working on this tool and make it available as open source when it’s fairly stable.