On Friday, May 1, 2015, Alex Morin-Sénécal <[email protected]> wrote:
> Hi, > > I'm using AIDE to check on old Wordpress installation that doesn't get new > content added. There was a advertisement script added to the header of one > of our sites at some point, so we wanted to use AIDE to know when something > like this happens, because a lot of Wordpress sites are hit by 0 day > exploits, so it's inevitable something like this will happen again at some > point, and we want to know when it will happen and act on it. > > Anyways, I'm using the NORMAL rules for these sites, which might not be > ideal? The log is a little strange. Well, perhaps not strange, but can > someone explain this behavior?: > > Directory: /home/company/site.com/wp-content/themes > <http://brownstoneplayhouse.com/wp-content/themes> > Mtime : 2015-04-30 04:01:27 , 2015-04-30 15:55:43 > Ctime : 2015-04-30 04:01:27 , 2015-04-30 15:55:43 > > Directory: /home/company/site.org/wp-content/plugins > <http://fondationfabiennecolas.org/wp-content/plugins> > Mtime : 2015-04-28 10:14:47 , 2015-04-30 17:27:15 > Ctime : 2015-04-28 10:14:47 , 2015-04-30 17:27:15 > > I'm getting a lot of these for the various sites we host and it's always > in wp-content, the themes or plugins folder. So practically, something > changed, but what? > > I suppose this is normal behavior and it's probably a side effect of > Wordpress checking for updates or just doing something for one reason or > another? > > I'm just wondering if this is normal and if there's nothing to worry > about. Better be safe than sorry. > > Thanks > Can you try to describe the problem more specifically? Is the problem that the ctime and mtime of directories is changing, but there are no changes to the content of the directory? Bear in mind that Wordpress has automatic update features, so some unexpected changes may occur. Regards, Keith Constable
_______________________________________________ Aide mailing list [email protected] https://mailman.cs.tut.fi/mailman/listinfo/aide
