http://la-samhna.de/samhain/ if you have the resources to run it (its complex)
Or, an afternoons work should have something nice going on if you use tripwire http://sourceforge.net/projects/tripwire/ Not sure how to do this on a shared host tho. On Wed, Jan 27, 2010 at 4:41 PM, Steven Jones < [email protected]> wrote: > > Is it a good security tip to monitor the integrity of Drupal sources by > > using MD5 hashes on the files ? > > Is there a known/efficient way to achieve this ? > > http://drupal.org/project/md5check > > But this is a drupal module, and thus pretty useless, because it is > part of the system that you're looking to stop being modified. Better > to just hash some files on cron or something if you care to leave your > drupal installation writeable by the web server. > > Regards > Steven Jones > ComputerMinds ltd - Perfect Drupal Websites > > Phone : 024 7666 7277 > Mobile : 07702 131 576 > Twitter : darthsteven > http://www.computerminds.co.uk > > > > 2010/1/27 Nicolas Tostin <[email protected]>: > > Is it a good security tip to monitor the integrity of Drupal sources by > > using MD5 hashes on the files ? > > Is there a known/efficient way to achieve this ? > > > > > > ----- Original Message ----- > > From: "Laura" <[email protected]> > > To: <[email protected]> > > Sent: Wednesday, January 27, 2010 9:53 AM > > Subject: Re: [development] Fully patched site hacked and cloaked > > > > > > On Jan 27, 2010, at Wed 1/27/10 4:45am, Gerhard Killesreiter wrote: > > > >> Were you able to determine the attach vector that was used to be able > >> to modify bootstrap.inc? > > > > I just saw this performed on a D5 site. Bootstrap.inc was indeed altered, > an > > additional system.php file was inserted in the modules folder, and the > > pernicious (drug) website files were inserted into the cgi folder *above* > > the webroot. The code was sniffing passwords. Several files contained > > nothing but hashes. > > > > I mention this because if we see a pattern across many sites, this entire > > conversation should move to security reports offline. > > > > Laura > > > > > -- -- -- Steve Power Principal Consultant Mobile: +44 (0) 7747 027 243 Skype: steev_initsix www.initsix.co.uk :: Initsix Heavy Engineering Limited --
