PHP Scripts

Website Security Against hackers, more rigorous.
Ignore folders of your choice.
Counts main folder byte sizes and file numbers and then subfolder byte sizes.

What is quite nice here is that it detects hidden files, and detects any changes.

If you haven't experienced someone hacking your website, then that's good.

If you have, however, you will appreciate being informed of any changes at all, so you can quickly go and check what's happening.

 

The easy script (here) is okay if your webhost doesn't update your website with statistics.
Many do however, with folders like webalizer, modlogan, or websitestats.
Consequently, your site is constantly changing and the simple script sends false alarms.

If your website does have folders for statistics, you need to keep track of your website, but ignore the stats folders.

1. Connect to the database
2. Create some tables for each folder on your site, using "createsizes.php" - run it once then delete it from your folder.
A table will be created for the main folder of your website, and for every subfolder, apart from the ones you don't want to include.
3. Collect the folder file sizes and store them in your database tables, ignoring specific folders of your choice, using "sizes.php".
In the example page here, the folders to be ignored are: cgi-bin, stats, modlogan, and webalizer.
4. Every time you click the file sizes.php (bookmarked in your browser perhaps), the page will update and check against the database.
If there's any discrepancy, by as much as a byte, you get an email.
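
Steps 3 and 4 compare byte totals and file counts, so an edit that leaves a file's length unchanged is not reported. The following added example (not part of the original scripts; the function names and the sample files are constructed for illustration) records a SHA-256 hash per file instead, with the same ignore list, so any content change is reported together with the file it affects.

```php
<?php
// Added example, not the page's script. Function names and sample files are constructed.

// Map each file path (relative to $root) to its SHA-256 hash, skipping the
// top-level folders listed in $ignore. Hidden files are included.
function build_manifest(string $root, array $ignore): array {
    $root = rtrim($root, '/');
    $manifest = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS));
    foreach ($it as $file) {
        if (!$file->isFile()) continue;
        $rel = substr($file->getPathname(), strlen($root) + 1);
        $top = strstr($rel, '/', true);   // false for files directly in $root
        if ($top !== false && in_array($top, $ignore, true)) continue;
        $manifest[$rel] = hash_file('sha256', $file->getPathname());
    }
    ksort($manifest);
    return $manifest;
}

// Compare a stored baseline with the current state of the site.
function diff_manifests(array $old, array $new): array {
    $changed = [];
    foreach (array_intersect_key($new, $old) as $path => $hash) {
        if ($old[$path] !== $hash) $changed[] = $path;
    }
    return [
        'added'   => array_keys(array_diff_key($new, $old)),
        'removed' => array_keys(array_diff_key($old, $new)),
        'changed' => $changed,
    ];
}

// Constructed sample site in a temporary folder (assumes a Unix-like host).
$site = sys_get_temp_dir() . '/sizes_demo_' . uniqid();
mkdir("$site/images", 0700, true);
mkdir("$site/webalizer", 0700, true);
file_put_contents("$site/index.html", "<p>Hello</p>");
file_put_contents("$site/images/.htaccess", "Options -Indexes\n");
file_put_contents("$site/webalizer/usage.html", "<p>stats</p>");
$ignore = ['cgi-bin', 'stats', 'modlogan', 'webalizer'];

$baseline = build_manifest($site, $ignore);   // in practice, store this between runs
file_put_contents("$site/index.html", "<p>HELLO</p>");                 // same length, new content
file_put_contents("$site/images/extra.txt", "new file\n");            // file added after the baseline
file_put_contents("$site/webalizer/usage.html", "<p>more stats</p>"); // ignored stats folder
print_r(diff_manifests($baseline, build_manifest($site, $ignore)));
```

The baseline array can be stored between runs in the database or in a file outside the web root, in the same way sizes.php stores its totals.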

The three images, cross, yes and no, are here, if you want them. Just click each one to save :

(createsizes.php)

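<?php
// ftp your directory and make sure no folders are called (something).(something)
// that is, remove the dot if there is one - eg, new.images would need to be renamed newimages.

// mysqli replaces the old mysql_* functions, which were removed in PHP 7.
// Errors are reported through return values so the "or die" checks below work.
mysqli_report(MYSQLI_REPORT_OFF);
// The fourth argument is the database name.
$db = mysqli_connect("host", "login", "password", "table") or die(mysqli_connect_error());

echo "Success in database selection<br>";
// main folder
$result = "CREATE TABLE s_sizes(size varchar(50) default NULL, count varchar(50) default NULL)";
mysqli_query($db, $result) or die(mysqli_error($db));

$array = array_diff(glob('*', GLOB_ONLYDIR), array("cgi-bin", "stats", "modlogan", "webalizer"));
// start the loop through the folders
foreach ($array as $value) {
    $d = $value;
    // the folder name becomes part of a table name, so only letters, digits and underscores are accepted
    if (!preg_match('/^[A-Za-z0-9_]+$/', $d)) {
        die("Rename this folder before continuing: " . htmlspecialchars($d));
    }
    $result2 = "CREATE TABLE s_sizes_$d(size varchar(50) default NULL)";
    mysqli_query($db, $result2) or die(mysqli_error($db));
}
mysqli_close($db);
?>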

After running the createsizes file, delete it from your server.

(sizes.php)

<?php
// mysqli replaces the old mysql_* functions, which were removed in PHP 7.
// Errors are reported through return values, which the new-folder check below relies on.
mysqli_report(MYSQLI_REPORT_OFF);
// The fourth argument is the database name.
$db = mysqli_connect("host", "login", "password", "table") or die(mysqli_connect_error());

$y = "<img src=mr_dnld_y.gif";
$n = "<img src=mr_dnld_n.gif";
$f0 = "<font face=verdana,arial,helvetica size=1 color=666666";

// total size in bytes of a folder and everything below it
function GetFolderSize($d = ".") {
    $h = @opendir($d);
    if ($h === false) return 0;
    $sf = 0;
    while (false !== ($f = readdir($h))) {
        if ($f != "..") {
            $sf += filesize($nd = $d . "/" . $f);
            if ($f != "." && is_dir($nd)) {
                $sf += GetFolderSize($nd);
            }
        }
    }
    closedir($h);
    return $sf;
}

echo "$f0>Your Website Name </font><br>";
// count the files in the root directory
$dir = $_SERVER['DOCUMENT_ROOT'] . dirname($_SERVER['PHP_SELF']);
$handle = opendir($dir);
$count = 0;
while (false !== ($file = readdir($handle))) {
    if (is_file($dir . "/" . $file) && $file !== '.' && $file !== '..') {
        $count++;
    }
}
closedir($handle);
echo "$f0>$count Files, and Size is </font>";

$totalsize = 0;
// add up the sizes of the files directly in $dir; subfolders are skipped here
// because each one is checked against its own table further down
function show_dir($dir) {
    global $totalsize;
    $dir = rtrim($dir, "/") . "/";
    $handle = @opendir($dir);
    if ($handle === false) return $totalsize;
    while (false !== ($file = readdir($handle))) {
        if ($file === "." || $file === "..") continue;
        if (!is_dir($dir . $file)) {
            $totalsize = $totalsize + filesize($dir . $file);
        }
    }
    closedir($handle);
    return $totalsize;
}
$totalsize = show_dir($dir);
echo "$f0>" . ($totalsize) . " Bytes:</font>";

// check against the database
$query = "SELECT * FROM s_sizes";
$result = mysqli_query($db, $query) or die(mysqli_error($db));
$num_rows = mysqli_num_rows($result);
if (empty($num_rows)) {
    // first run: store the baseline
    $q1 = "INSERT INTO s_sizes (size, count) VALUES ('$totalsize','$count')";
    mysqli_query($db, $q1) or die("$q1 failed because " . mysqli_error($db));
} else {
    $row = mysqli_fetch_assoc($result);
    $countm = $row["count"];
    $sizem = $row["size"];

    if ($countm == $count && $sizem == $totalsize) {
        echo "$y>$f0>Data consistent<br></font>";
    } else {
        $q2 = "UPDATE s_sizes SET size='$totalsize', count='$count'";
        mysqli_query($db, $q2) or die("$q2 failed because " . mysqli_error($db));
        echo "$n>$f0>Data updated<br></font>";
        $diff = $count - $countm;
        $diff2 = number_format($diff, 0, "", ",");
        $mdiff = $totalsize - $sizem;
        $mdiff2 = number_format($mdiff, 0, "", ",");
        // if the website size has changed, email yourself
        mail("your email ",
            "Your Website , file number or size change, main folder",
            "Folder: Main folder\n
Old file numbers: $countm
New file numbers: $count
Difference in files: $diff2\n
Old data size: $sizem
New data size: $totalsize
Difference in size: $mdiff2 bytes \n",
            "From: Your Website <your email >");
    }
}
// finish the root directory

// check the s_sizes tables for the folders
$array = array_diff(glob('*', GLOB_ONLYDIR), array("cgi-bin", "stats", "modlogan", "webalizer"));
// start the loop through the folders
foreach ($array as $value) {
    $d = $value;
    $dh = htmlspecialchars($d); // folder name made safe for HTML output
    $size = GetFolderSize($d);
    echo "$f0>" . $size . " Bytes in Folder /$dh :</font>";

    // check the database
    // the folder name becomes part of a table name, so a name with anything other than
    // letters, digits and underscores is never put into a query; it is reported like a new folder
    $safe = preg_match('/^[A-Za-z0-9_]+$/', $d) === 1;
    $resultss = $safe ? mysqli_query($db, "SELECT * FROM s_sizes_$d") : false;

    // alert if there is a new folder (no table exists for it yet)
    if ($resultss === false) {
        echo "<br><img src=cross.gif>";
        $f1 = "<font face=verdana,arial,helvetica size=2 color=purple";
        $f2 = "<font face=verdana,arial,helvetica size=2 color=blue";
        echo "$f1><BR>ALERT ALERT ALERT<BR>There is a new folder:</font> $f2>$dh</font><br>$f1>Update has been halted.</font>";
        exit;
    }
    $num_rowsss = mysqli_num_rows($resultss);
    if (empty($num_rowsss)) {
        // first run for this folder: store the baseline
        $q1 = "INSERT INTO s_sizes_$d (size) VALUES ('$size')";
        mysqli_query($db, $q1) or die("$q1 failed because " . mysqli_error($db));
    } else {
        $row = mysqli_fetch_assoc($resultss);
        $ds = $row["size"];
        if ($ds == $size) {
            echo "$y>$f0>Data consistent<br></font>";
        } else {
            $q2 = "UPDATE s_sizes_$d SET size='$size'";
            mysqli_query($db, $q2) or die("$q2 failed because " . mysqli_error($db));
            echo "$n>$f0>Data updated<br></font>";
            $diff = $size - $ds;
            $diff2 = number_format($diff, 0, "", ",");
            mail("your email ",
                "Your Website , size change in folder $d",
                "Folder: $d\n
Old data size:$ds
New data size:$size
Difference: $diff2 bytes \n",
                "From: Your Website <your email >");
        }
    }
    mysqli_free_result($resultss);
    // loop
}
mysqli_free_result($result);
mysqli_close($db);
?>

