Shulou(Shulou.com)06/03 Report--

This article mainly introduces "how to use Cron and PHP to detect whether a web page has been tampered with". In daily operation, I believe many people have doubts about how to use Cron and PHP to detect whether a web page has been tampered with. The editor consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful to answer the doubts about "how to use Cron and PHP to detect whether a web page has been tampered with or not." Next, please follow the editor to study!

Network security has always been an eternal topic in the industry, and people have been engaged in an uninterrupted contest with hackers. So as an ordinary website, how can you use the easiest way to prevent your page from being tampered with? Or at least know as quickly as possible when your web page has been tampered with? In this article, we will introduce the method of using a combination of Cron and Php to check whether certain specified web pages have been tampered with.

The core idea of this method is actually very simple: "create a simple database that holds the hash values of the files to be protected, and use unix's cron scheduling method to periodically detect the hash values of the actual files and the original files, and form a report."

Of course, it involves recursively traversing a large number of files in the server file directory and calculating their hash values, which will be explained in detail below.

Database design

Let's first take a look at how the database should be designed. For security reasons, we should set up a separate database to store files that need to be protected. If the reader's site is hosted, it is recommended to use cPanel to create a database and use a strong password (for example, you can use strongpasswordgenerator.com to generate passwords of at least 8 digits of each length). We named the database baseline, and the table design is as follows:

CREATE TABLE baseline (file_path VARCHAR (200) NOT NULL, file_hash CHAR (40) NOT NULL, acct VARCHAR (40) NOT NULL PRIMARY KEY (file_path)); CREATE TABLE tested (tested DATETIME NOT NULL, account VARCHAR (40) NOT NULL PRIMARY KEY (tested))

In the baseline table, there is a very long field file_path, which stores the path on the server to protect the file, while file_hash (uses a 40-bit length for the SHA1 algorithm), and the acct field indicates whether to monitor the account or domain name. We also set file_path as the primary key.

The tested field in the tested table holds the specific time of each scan, while the account field is the same as the acct field in the baseline table to allow separate scanning of the account or domain name.

Some preparatory work before defining the PHP file

Next, we will do some preparation for the development of the php file, first defining some constants to be used in the php file.

PATH . This is the starting path to scan on your server, which usually refers to DocumentRoot. Remember not to use the backslash in Windows because both Apache and PHP use forward slashes.

Parameters such as address and user password to access the database, such as SERVER ('localhost'), USER, PASSWORD and DATABASE

And some other variables are as follows:

Save the array that needs to check the file extension. In this example, only arrays are used to save files in formats such as .php, .htm, and .js. In this article, if an empty array is used, files in all formats are checked by default (this is the safest, but resource-intensive).

Directories that need to be excluded for inspection. This is generally not recommended, and if you do not need to check a directory, you can place it in an array in this article

There are also several parameters to set, including the $file array, initialized to empty, $report initialized to an empty string, and the $act string (used with the account/acct field in the data table).

Start coding

Let's officially encode, let's take a look at the following code:

Let's explain the above code. First, use the two built-in functions RecursiveDirectoryIterator in php (to get all the files and directories under the specified directory), then loop through it, and check whether each directory is in the directory that needs to be excluded, and if it is included in the test list, to detect whether there are files that need to be excluded. * place the final files to be detected in the array $files. The key of this array is the name of the file and the value is the hash value calculated by the SHA1 algorithm. So the number of files can be obtained immediately by the following methods

$report. = "Files has". Count ($files). "records.\ r\ n"

Then, we need to get the time of a hash scanned file from the tested table, as follows:

$results = mysqli_query ($db, "SELECT tested FROM tested WHERE acct ='$acct' ORDER BY tested DESC LIMIT 1"); if ($results) {while ($result=mysqli_fetch_array ($results)) {$tested = $result ['tested'];} $report. = "Last tested $tested.\ r\ n";}

Next, to compare the hash value of the file scanned by hash with the hash value of the file in the original baseline table, the code used is as follows:

If (! emptyempty ($files)) {$result = mysqli_query ($db, "SELECT * FROM baseline"); if (! emptyempty ($result)) {foreach ($result as $value) {$baseline [$value ["file_path"] = $value ["file_hash"];} $diffs = array_diff_assoc ($files, $baseline); unset ($baseline) }} / / Save different parts to Deleted, Altered and Added arrays if (! emptyempty ($files)) {$results = mysqli_query ($db, "SELECT file_path, file_hash FROM baseline WHERE acct ='$acct'"); if (! emptyempty ($results)) {$baseline = array (); / / from database $diffs = array () / / different while of $files and $baseline array ($value = mysqli_fetch_array ($results)) {if (! array_key_exists ($value ["file_path"], $files)) {/ / deleted file $diffs ["Deleted"] [$value ["file_path"]] = $value ["file_path"] $baseline [$value ["file_path"]] = $value ["file_hash"] } else {/ / changed file if ($files [$value ["file_path"]] $value ["file_hash"]) {$diffs ["Altered"] [$value ["file_path"]] = $value ["file_path"] $baseline [$value ["file_path"]] = $value ["file_path"];} else {/ / unchanged file $baseline [$value ["file_path"]] = $value ["file_hash"];} if (count ($baseline)

< count($files)) { // 增加的文件 $diffs["Added"] = array_diff_assoc($files, $baseline); } unset($baseline); } } 当上面这段代码执行完毕后，$diffs数组或者是空的或者会包含改变了的文件（删除，修改，增加）和它们的哈希值。 然后我们可以将结果通过EMAIL发送给用户了。代码如下： if (!emptyempty($diffs)) { $report .= "The following discrepancies were found:\r\n\r\n"; foreach ($diffs as $status =>

$affected) {if (is_array ($affected) & &! emptyempty ($affected)) {$report. = "* $status *\ r\ n\ n\ n"; foreach ($affected as $path = > $hash) $report. = "? $path\ r\ n";} else {$report. = "File structure is intact.\ r\ n";} $mailed = mail ('you@example.com', $acct. ' Integrity Monitor Report',$report)

And to update the data of the baseline table and tested table, the code is as follows:

/ erase old data mysqli_query ($db, "DELETE FROM baseline WHERE acct ='$acct'"); / / add new files and corresponding hash values to foreach ($files as $path = > $hash) {mysqli_query ($db, "INSERT INTO baseline (file_path, file_hash, acct) VALUES ('$path','$hash','$acct'");} mysqli_query ($db, "INSERT INTO tested (tested, acct) VALUES (NOW (),'$acct')") Mysqli_close ($db)

*. In order to enable the system to execute the php file regularly, you can make full use of the cron task plan in unix, so you can write the cron file as follows:

/ usr/local/bin/php-Q / home/account/hashscan.php

Among them, / usr/local/bin/php is the path of php on your server, you can set how often to detect files on the server every day according to the actual situation (this can be achieved by writing cron expressions, readers can refer to relevant materials on how to write cron expressions).

At this point, the study on "how to use Cron and PHP to detect whether a web page has been tampered with" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.