After going to a few great talks at PHPUK14, I thought I would chime in on the security bandwagon. The talks were predominantly aimed at post-intrusion clean-up and covered the topic well.
So here is one method I have put together a prototype for that should work on versions of PHP back to v4.49 (just in case your hosting company is that out of date). It makes use of a salted SHA1 hash of every file in your hosting directory. Performance was an issue at first, but the application will now generate 10732 file hashes (153MB worth of files) in about 6.2 seconds on an average shared hosting server, so I would count that as not too bad.
The idea is to scan all the files in your hosting environment, SHA1 hashing all of them using a salt specified by the user. Once this has been done, the user can then use the scan functionality with the same salt to detect any anomalies like changed or deleted files. So here it is in all its glory, please be nice…
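A sketch of the baseline-then-scan idea described above, as an added example that is not the author's prototype. It assumes PHP 7 or later (so it does not share the prototype's PHP 4 compatibility), uses hypothetical function names and a constructed demo directory and salt, and goes slightly beyond the post by also reporting files that were added since the baseline.

```php
<?php // Added example, not the author's prototype; names and paths are hypothetical.
// Salted SHA1 of one file, streamed so large files are never loaded whole.
function salted_sha1_file(string $path, string $salt): string
{
    $ctx = hash_init('sha1');
    hash_update($ctx, $salt);          // salt first, then the file bytes
    hash_update_file($ctx, $path);
    return hash_final($ctx);
}

// Walk $root (no trailing slash) and return [relative path => salted hash].
function build_baseline(string $root, string $salt): array
{
    $hashes = [];
    $dir = new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS);
    foreach (new RecursiveIteratorIterator($dir) as $file) {
        if ($file->isFile()) {
            $rel = substr($file->getPathname(), strlen($root) + 1);
            $hashes[$rel] = salted_sha1_file($file->getPathname(), $salt);
        }
    }
    return $hashes;
}

// Compare a stored baseline with a fresh scan made with the same salt.
function compare_scan(array $baseline, array $current): array
{
    $report = ['changed' => [], 'deleted' => [], 'added' => []];
    foreach ($baseline as $path => $hash) {
        if (!isset($current[$path])) {
            $report['deleted'][] = $path;
        } elseif ($current[$path] !== $hash) {
            $report['changed'][] = $path;
        }
    }
    $report['added'] = array_keys(array_diff_key($current, $baseline));
    return $report;
}

// Constructed demo: a throwaway directory stands in for the hosting directory.
$root = sys_get_temp_dir() . '/fim_demo_' . uniqid();
$salt = 'constructed-example-salt';
mkdir("$root/inc", 0700, true);
file_put_contents("$root/index.php", "<?php echo 'home';");
file_put_contents("$root/inc/config.php", "<?php \$debug = false;");
$baseline = build_baseline($root, $salt);   // a real run would save this to disk
file_put_contents("$root/index.php", "<?php echo 'home'; // edited");
unlink("$root/inc/config.php");
file_put_contents("$root/inc/new.php", "<?php // new file");
print_r(compare_scan($baseline, build_baseline($root, $salt)));
```

Store the baseline and the salt somewhere the web server account cannot write, otherwise whoever changes a file can regenerate the hashes as well.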