Script Checker - Verify scripts on a website against hacking
Make sure that scripts on your website are not hacked - GPL 3.0 license
Script Checker compares all the scripts on a website with their original code on a local source directory. And it can find also obtrusive scripts added on the site by hackers.
It is completed by a public domain script that displays the list of last modified scripts.
How the program works
The program scans both a local directory and the content of your website
in FTP mode, so without running the scripts on the site.
It does compare scripts line by line, (ignoring the end of line code that
differs on different operating systems) and detects modified code.
The scheck.log file is created to show details of the operations, including
obtrusive scripts found.
Using the script
It runs from the command line, in a so-called "DOS" window.
Type:
php scheck.php [options] -llogin -ppassword source ftpaddress
Required arguments:
If these arguments are omitted you will be prompted to enter them at runtime:
-l your ftp login.
-p your ftp password.
source: the local directory holding original scripts.
ftpaddress: ftp address of your site in the form: ftp.scriptol.com.
Optional parameters
If these arguments are omitted, default values will be used:
-v verbose mode, more details displayed, default is false.
-q quiet mode, default is false.
-d followed by a directory name. Subdirectory that is the root of the hosting. Generally "www". Default none.
It is recommended that you create a batch file. This is a text file containing the command with a BAT extension. It will be executed as a program.
What the script displays
The list of scripts. Each filename is followed by OK when it matches the
remote file. Otherwise it is followed by DIFFER.
The UNKNOWN message followed by a distant filename is displayed when an obtrusive
file is found.
At the end of the processing, the script displays the number of files compared, the number of files that differ and the number of obtrusive files.
What if a hacking is found?
Download the suspicious files into a temporary directory and verify their content. If some code was added that is not in the original scripts, change your password for the FTP connection. And verify all the original scripts for security fault, for example includes or parameters not strictly checked.
Versions
- 1.2 August 2012
The script has been modified to ignore empty lines. - 1.1 October 2008
New option to pass any form of FTP address in parameter.
The comparing function is improved.
In normal not verbose mode, only the problems are displayed.
Downloading, and content of the archive
The archive contains the PHP executable script scheck.php, the required libraries, and the source code in Scriptol programming language.
This script compares files on the site with the original local source.
Displays the list of files modified on a website or a subdirectory for n days.
Script Checker is under GPL 3.0 license.