Re: [Aide] AIDE and Wordpress? Constant wp-content changes? Is it normal?
On Friday, May 1, 2015, Alex Morin-Sénécal a...@fortunelab.net wrote: Hi, I'm using AIDE to check on old Wordpress installation that doesn't get new content added. There was a advertisement script added to the header of one of our sites at some point, so we wanted to use AIDE to know when something like this happens, because a lot of Wordpress sites are hit by 0 day exploits, so it's inevitable something like this will happen again at some point, and we want to know when it will happen and act on it. Anyways, I'm using the NORMAL rules for these sites, which might not be ideal? The log is a little strange. Well, perhaps not strange, but can someone explain this behavior?: Directory: /home/company/site.com/wp-content/themes http://brownstoneplayhouse.com/wp-content/themes Mtime: 2015-04-30 04:01:27 , 2015-04-30 15:55:43 Ctime: 2015-04-30 04:01:27 , 2015-04-30 15:55:43 Directory: /home/company/site.org/wp-content/plugins http://fondationfabiennecolas.org/wp-content/plugins Mtime: 2015-04-28 10:14:47 , 2015-04-30 17:27:15 Ctime: 2015-04-28 10:14:47 , 2015-04-30 17:27:15 I'm getting a lot of these for the various sites we host and it's always in wp-content, the themes or plugins folder. So practically, something changed, but what? I suppose this is normal behavior and it's probably a side effect of Wordpress checking for updates or just doing something for one reason or another? I'm just wondering if this is normal and if there's nothing to worry about. Better be safe than sorry. Thanks Can you try to describe the problem more specifically? Is the problem that the ctime and mtime of directories is changing, but there are no changes to the content of the directory? Bear in mind that Wordpress has automatic update features, so some unexpected changes may occur. Regards, Keith Constable ___ Aide mailing list Aide@cs.tut.fi https://mailman.cs.tut.fi/mailman/listinfo/aide
Re: [Aide] AIDE and Wordpress? Constant wp-content changes? Is it normal?
Is the problem that the ctime and mtime of directories is changing, but there are no changes to the content of the directory? Pretty much. As I said, I'm aware that it miiight just be Wordpress update checking doing this but I just wanted to be sure and get a confirmation from someone a little more experienced on the subject. Thanks 2015-05-01 9:56 GMT-04:00 Keith Constable kccric...@gmail.com: On Friday, May 1, 2015, Alex Morin-Sénécal a...@fortunelab.net wrote: Hi, I'm using AIDE to check on old Wordpress installation that doesn't get new content added. There was a advertisement script added to the header of one of our sites at some point, so we wanted to use AIDE to know when something like this happens, because a lot of Wordpress sites are hit by 0 day exploits, so it's inevitable something like this will happen again at some point, and we want to know when it will happen and act on it. Anyways, I'm using the NORMAL rules for these sites, which might not be ideal? The log is a little strange. Well, perhaps not strange, but can someone explain this behavior?: Directory: /home/company/site.com/wp-content/themes http://brownstoneplayhouse.com/wp-content/themes Mtime: 2015-04-30 04:01:27 , 2015-04-30 15:55:43 Ctime: 2015-04-30 04:01:27 , 2015-04-30 15:55:43 Directory: /home/company/site.org/wp-content/plugins http://fondationfabiennecolas.org/wp-content/plugins Mtime: 2015-04-28 10:14:47 , 2015-04-30 17:27:15 Ctime: 2015-04-28 10:14:47 , 2015-04-30 17:27:15 I'm getting a lot of these for the various sites we host and it's always in wp-content, the themes or plugins folder. So practically, something changed, but what? I suppose this is normal behavior and it's probably a side effect of Wordpress checking for updates or just doing something for one reason or another? I'm just wondering if this is normal and if there's nothing to worry about. Better be safe than sorry. Thanks Can you try to describe the problem more specifically? Is the problem that the ctime and mtime of directories is changing, but there are no changes to the content of the directory? Bear in mind that Wordpress has automatic update features, so some unexpected changes may occur. Regards, Keith Constable ___ Aide mailing list Aide@cs.tut.fi https://mailman.cs.tut.fi/mailman/listinfo/aide ___ Aide mailing list Aide@cs.tut.fi https://mailman.cs.tut.fi/mailman/listinfo/aide
[Aide] AIDE and Wordpress? Constant wp-content changes? Is it normal?
Hi, I'm using AIDE to check on old Wordpress installation that doesn't get new content added. There was a advertisement script added to the header of one of our sites at some point, so we wanted to use AIDE to know when something like this happens, because a lot of Wordpress sites are hit by 0 day exploits, so it's inevitable something like this will happen again at some point, and we want to know when it will happen and act on it. Anyways, I'm using the NORMAL rules for these sites, which might not be ideal? The log is a little strange. Well, perhaps not strange, but can someone explain this behavior?: Directory: /home/company/site.com/wp-content/themes http://brownstoneplayhouse.com/wp-content/themes Mtime: 2015-04-30 04:01:27 , 2015-04-30 15:55:43 Ctime: 2015-04-30 04:01:27 , 2015-04-30 15:55:43 Directory: /home/company/site.org/wp-content/plugins http://fondationfabiennecolas.org/wp-content/plugins Mtime: 2015-04-28 10:14:47 , 2015-04-30 17:27:15 Ctime: 2015-04-28 10:14:47 , 2015-04-30 17:27:15 I'm getting a lot of these for the various sites we host and it's always in wp-content, the themes or plugins folder. So practically, something changed, but what? I suppose this is normal behavior and it's probably a side effect of Wordpress checking for updates or just doing something for one reason or another? I'm just wondering if this is normal and if there's nothing to worry about. Better be safe than sorry. Thanks ___ Aide mailing list Aide@cs.tut.fi https://mailman.cs.tut.fi/mailman/listinfo/aide
