Irongeek's Shared hosting MD5 Change Detection Script
Adrian Crenshaw aka Irongeek just release another great tool for web admins that will monitor the files on a website, and report any changed via email. Actually "irongeek.com" was hacked few days back which is hosted on a shared hosting. There is an awesome article posted by him on his blog "How I Got Pwned: Lessons in Ghetto Incident Response". I think after that Adrian decide to make a handy tool/script to help web admins so that they can easily monitoring there files on a shared server.
The problem is that we dont even have an idea that our site is hacked until it is too late or too embrassing. Irongeek write a script , that will run on the server and will detects any changes or to any executable file on the server or any new file on the server from HTML, JS, to PHP, ASP, Perl, Python files etc. It will generate a hash value of all our files and then compare them periodically, then we will be able to detect when our codebase has changed on the server.
A cron job can be setup to run the web server, compare the results with the last known valid hash and send out an email alert. Another similar tool was released by Dave Kennedy named "Artillery" for confusing hackers and protection tool for Linux.