Posts: 7
Threads: 1
Joined: Jan 2017
I've made a plugin allowing to check changed files/directories to detect unexpected activity on a website:
http://get-simple.info/extend/plugin/files-warden/1125/
Hope it will be useful.
Screenshot:
Posts: 39
Threads: 5
Joined: Oct 2013
2017-12-19, 21:30:59
(This post was last modified: 2017-12-19, 21:35:03 by carpman.
Edit Reason: provided example
)
Nice plugin!
Would it be possible to add an option to send an email if changes occur.
This option should be able to be toggled on/off (so when site changes are being done you can switch if off, but when no changes are expected one could switch it back on).
This would be helpful for sites where one doesn't expect any activity or where visitors have triggered a change for example on a comment or via a guestbook. This would allow people like me to avoid having to login just to check if a comment has been submitted and requires the moderator to allow or disallow.
That would be a great help.
Thanks again for the plugin.
EDIT: The email content wouldn't need to be complicated - perhaps a simple configurable message like:
"Something has changed on your site: www.example.com"
You could also allow an option to limit to 1 email per changes (for those who forget to switch it off - that way they don't spam themselves). Maybe that's a bit complicated -- not sure.
C.
Posts: 7
Threads: 1
Joined: Jan 2017
Thank you for your interest!
Regarding the email notification option: I am not sure how you want to use it. Do you plan to use something like a cron job?
Sincerely,
Sergey Zyryanov
Posts: 39
Threads: 5
Joined: Oct 2013
Thanks for the quick reply.
At present there's no notification system for when changes are made. Your plugin solves half the problem, but requires the administrator to login to see changes. What would be really useful is to be notified of changes, so one doesn't have to keep logging in just to check. A good example is a review / comment system:
Someone posts a comment that requires moderation. But how does the admin know a comment has been posted. They don't unless they login to check. Your plugin could solve that problem by having an email notification option.
This would alert admins of unexpected changes. These could be attacks, comments, changes made by authorised users that one might want to oversee etc ....
A simple tick box to toggle on/off would be the way to go, so if the owner makes changes they can switch the email notifications off.
Hope that helps.
Thanks again.
C.
Posts: 7
Threads: 1
Joined: Jan 2017
In general, there are 2 kinds of changes:
- legal changes (like post a comment by user, install a plugin by admin, etc.)
- illegal changes (like code injection).
Most likely legal changes can trigger plugin's action, but illegal changes can use not-standard methods avoiding any triggers. So, you have to call the plugin directly to detect these changes.
I think the only way to implement a reliable changes notification is to call the plugin periodically (e.g. each day or each hour) using a cron job or Windows Scheduler task. I can add a script checking the changes and sending the emails as you want. You can call it from cron using wget or curl command. For example:
wget http://yoursite.com/plugins/files-warden/check.php
What do you think about this approach?
Sincerely,
Sergey Zyryanov
Posts: 39
Threads: 5
Joined: Oct 2013
2017-12-22, 11:30:30
(This post was last modified: 2017-12-22, 11:31:29 by carpman.)
So basically, I'd set up a cron job, it calls the script (check.php) which runs the Files Warden plugin:
if change detected send email, otherwise don't.
Is that the idea? If so that would work. Also that way the admin could control things via the timer of the cron job. So while your doing work on the site and changes are yours and expected, you can just switch the timer to every year and when the work is done switch it back to daily.
I like that approach, if it's not too much hassle to code - that would be great!
Thanks,
C.
Posts: 7
Threads: 1
Joined: Jan 2017
Ok, I will try to do it next week.
Posts: 39
Threads: 5
Joined: Oct 2013
Excellent - looking forward to it.
Thanks (that will be a big help to me and hopefully others). Have a great Christmas and New Year!
C.
Posts: 7
Threads: 1
Joined: Jan 2017
2018-01-03, 18:49:35
(This post was last modified: 2018-01-03, 18:50:02 by szyryanov.)
Please check the new version. You can see an "Email notification" section added to the plugin's description.
Posts: 39
Threads: 5
Joined: Oct 2013
All works perfectly !!! That's really helpful. We run a shop on one of the domains and the feedback form sits on a separate GS site. With sporadic feedback and reviews requiring moderation, now we don't have to keep checking just in case.
Excellent plugin and really nicely implemented. Customiseable email message is handy too, since I have your plugin running on a number of sites. Cron jobs was a sensible way to go.
A good start to my New Year, hope you have a great 2018 !!! And I hope others find your plugin as useful as I do.
Thanks again.
C.
Posts: 7
Threads: 1
Joined: Jan 2017
Posts: 1,928
Threads: 88
Joined: Apr 2010
it is a pity that there are no language files
Posts: 7
Threads: 1
Joined: Jan 2017
(2018-01-07, 05:24:02)Oleg06 Wrote: it is a pity that there are no language files
I want to create this plugin for several CMS (e.g. OpenCart, WordPress etc), and internationalization support for all of them will add a significant complexity. So, I prefer to not provide internationalization support at this moment.
The plugin is intended for admins and advanced users by nature. I hope most of them will be able to use English version.
Posts: 538
Threads: 12
Joined: May 2013
2018-01-10, 01:25:30
(This post was last modified: 2018-01-10, 01:28:14 by Bigin.)
Advanced users will use Git, git diff, to check this changes ;-)
Posts: 515
Threads: 21
Joined: Feb 2019
Quote:Advanced users will use Git, git diff, to check this changes ;-)
Can you show any examples of this ?
Posts: 538
Threads: 12
Joined: May 2013
To check if specific file in git repository has changed:
Code:
git diff --exit-code your/path/dir
To see names of the files only
--name-only option
More infos: https://git-scm.com/docs/git-diff
Posts: 515
Threads: 21
Joined: Feb 2019
Thanks for your reply and the links
I didn't know about the git diff command
I need to figure out how to apply git diff to check
if a website has been tampered or corrupted.
How about to offer a client this kind of protection
for his website ? Wouldn't that be Interesting !
Let's evaluate it.
F.