After what happened to “Grandad”  @ Head Rambles recently, got me thinking in finding a way to monitor any changes made to the .htaccess file.

Grandad’s .htaccess file, was injected with some malicious code, checking for the USER_AGENT, in turn redirecting “Googlebot, Slurp, msnbot” to another website.

This can be easily achieved as the server itself  updates the date & time of the file/s changed by adding a timestamp to it.
Keeping track is not that hard, once we have this value stored for later comparison.

The solution I came up with, is to create a directory where a new text file is created, which in turn will store the existing file timestamp.

With a bit of PHP coding, we can read the contents of the text file created and compare it with the existing timestamp of the file itself.
If the current timestamp is not equal to what we have stored, an ALERT email will be sent to the website administrator, who can verify the content of the file itself, making sure no malicious changes were made as per example given above.

The code can be downloaded from here >>

and please let me know if you encounter any problems….

Be Sociable, Share!

• 

This entry was posted on Thursday, March 19th, 2009 at 10:59 am and is filed under .htaccess, PHP. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

(2 votes, average: 5.00 out of 5)

 Loading ...