Don’t wait for Google to ban your site to find out you’ve been hacked. You might use several tools to prevent your site from being hacked, but if they fail, you want to know right away – long before Google bans your site for hidden links and malicious scripts. That’s what MonitorHackdFiles does – it is a sentry for your site. It watches your site, and when it detects a file has changed (or been added), it notifies you via email and tells you which file(s) was changed. When other security measures fail, MonitorHackdFiles makes sure you know about it.
I have a friend whose blog gets hacked and removed from Google’s search results every couple of months or so. It seems like every time I start to forget about the irritating hackers* out there, another friend cries on my virtual shoulder because their site has been hacked. It’s a constant stream, and I’ve been looking for ways to help everyone stop it for a while now.
Today, I’m giving everyone a free tool to add to your “anti-hacked sites” arsenal. (Download link near the end of this post). It’s ONLY ONE TOOL and only does ONE FUNCTION. You need other tools as well, and I’ll list some that I use and recommend, and I’ll continue to search for more. But this is one I haven’t seen released yet, so I decided it was time to make one (with a little help).
Let’s start with the problem. There are many different ways that your site can be hacked. This post deals with one of those ways – a file or files are added to your site, or a file(s) that already exists on your site is changed – by someone with evil intentions – and without your knowledge. These changed files cause something bad to happen with your site – what that “something” is could be different for everyone. You may get links to unsavory sites injected in your pages, like my friend did. Here’s a pic of what that looks like.
Unfortunately, he didn’t know those links were there. Why not? Because they were INVISIBLE to him and to any other human visitor. He only found out about them because he wondered (weeks later) why he suddenly disappeared from Google’s search results, and a kind Google employee told him that he was linking to some bad sites – but only search engines could see the links.
There are many other things that might happen, including having links placed on your site that redirect users to another site – and that site may infect your users with malware. Whatever the end result is, it began in a similar way. And you had no idea your files were tampered with.
THAT’S THE PROBLEM. Site’s have files changed and site owners have no idea that anything has happened. Visibly, they see nothing changed. It’s only after time has passed do they notice that they’ve been banned from appearing in Google’s search results and wonder why. Eventually, with enough effort, and some luck, they may realize that their site has been hacked. And even then, they have no idea how, or which files might have changed!
The tool I am giving to everyone will NOT prevent files from being changed without your knowledge. Sorry. However, if a file *is* added or changed, this tool will alert you by sending you an email, and it will tell you which file(s) changed. That quick knowledge could be enough to stop the hacker in his tracks, and prevent more damage being done. You may never have to wake up to wonder why you’ve lost all your search engine rankings. And by knowing exactly what files were changed, you have a little more knowledge so that you may even figure out how the hacker managed to find his way in.
This tool can be used by just about everyone (assuming your site is hosted on a Linux server, capable of running PHP). It’s not JUST for WordPress blogs, although they are often hit with this issue. I didn’t want to restrict this tool to blogs. It’s useful to the broader web site community, whether you run blogs or any other type of site. And in most cases, it’s a 5 minute install. Set it and forget it.
It’s completely free (as in beer and as in freedom) and I encourage you to let everyone know about it. I would appreciate linking to this post, rather than the download itself, so that everyone gets the benefit of knowing what they are downloading. I’ve licensed it as GPL, so that others can modify and distribute as needed, while making sure it always stays GPL. Download the zip file below. Unzip it, read the readme.txt instructions, and install it to harden your site’s security just a little bit more. (Current version is 1.1. View changes here.).
Other Site Security Tools I Recommend: (most for WordPress)
I can’t stress enough the importance of regular backups. If you do get hacked, you can always retrieve a known-good backup and be back in business fairly quickly. And because this tool will alert you quickly to problems, if you can revert your site to its original state quickly as well, then you may avoid getting dumped from search engines completely. And that can mean the difference between being a victim and being a warrior!
Who To Contact Once You’ve Been Attacked
As I mentioned, MonitorHackdFiles is just one tool in your arsenal. Once you’ve been alerted to a problem, you need to deal with it. Most often, you should get help from experts. I’m not going to recommend any particular company or service, because I don’t have any experience with any of them to rate them. However, here are a few that might be useful to contact if you need help finding out how the intruders got in. What is most important is finding the vulnerability so that you can secure that hole.
If after all of that, you’re still not sure what the heck this tool is for, I suggest reading another post I wrote about it over on the DazzlinDonna blog. I explain it in a slightly different way, so maybe it will make more sense.
Note: This script works best if it is automated via cron. If your host doesn’t allow cron jobs, you can still use this script, but you’ll have to manually run a file periodically. If your host doesn’t allow cron jobs, you might want to consider a better host. I recommend HostMonster.
*Note: Yes, I know the real term is crackers and not hackers, but like it or not, the word “hackers” has become the standard use and is even used by Google themselves in the various posts they’ve made about this problem. So don’t even try to start a word-war here about it. I don’t care about semantics. I care about solving more important problems.