Re: looking for file system changes on a shared hosting acco…

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Aaron Jones via PLUG-discuss
Date:  
To: Main PLUG discussion list
CC: Aaron Jones
Subject: Re: looking for file system changes on a shared hosting account?
Can you run a cronjob on your server? If not, just get the Wordpress waf plugin and hope for the best.

> On May 11, 2021, at 3:25 PM, David Schwartz via PLUG-discuss <> wrote:
>
> I have had a shared hosting WHM (“reseller”) type account for years, and I’m constantly getting my Wordpress sites hacked.
>
> I just discovered another new WP site got hacked. I’m so sick of this. I notified my hosting provider and of course, they said they ran a scan and found nothing.
>
> It takes me just a couple of minutes to poke around using the cPanel File Manager to find litter the hacker has left. This time they added a new mailbox.
>
> I’m sick and tired of the hosting providers being so damn narrow-minded that they think scanning files looking for matching file signatures is effective. They have found exactly NONE of the files I’ve discovered over the past few years that hackers have left. NOT A SINGLE ONE!
>
> Also, as inept as they are, they do provide a lot of admin stuff I don’t want to deal with, and I do not have any interest in self-hosting on a dedicated machine (physical or virtual). It’s just a headache I don’t want to deal with.
>
> What I’d like to do is install a script or program that can scan through my file tree from …/public_html/ down and look for changes in the file system since the last scan, which is what tripwire does.
>
> Installing tripwire usually requires root access, but that’s impossible on a shared server.
>
> All it would do is something like an ‘ls -ltra ~/public_html’ with a CRC or hash of the file added to the lines. (Is there a flag in ls that does that?) The output would be saved to a file.
>
> Then you’d run a diff on that and the previous one, and send the output to an email, then delete the prvious one. Or keep them all and only compare the two latest ones. Whatever.
>
>
> As an aside, I know that Windows has a way of setting up a callback where you can get an event trigger somewhere whenever something in a designated part of the file system has changed.
>
> Is this possible in Linux?
>
> -David Schwartz
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss