alt Hacker NewsAfter my Wordpress site got hacked way back through an exploit in one of the WP files, I set up a cron job that compared the hash of the static files with expected hash, and would fire off an email if they differed.
The script lived above the web root, so they'd have to escape that to tamper with it, and was generated by another script.
Saved me a couple of times since, well worth the 15 minutes I spent on setting it up.
Replies
daneel_w • yesterday at 5:49 PM
Related: OpenBSD does this daily as part of running security(8) and its coverage can be expanded to include pretty much anything.
embedding-shape • yesterday at 4:50 PM
> Saved me a couple of times since
Wait, how often does your Wordpress site get successfully hacked like that?
➕ show 2 replies
Back in the 1990s, there was a tool called ‘tripwire’ that checked key files against expected checksums.
As I recall, they recommended putting the expected values on a floppy disk and setting the ‘write protect’ tab, so the checksums couldn’t be changed.