Bobby's Blog

Monitor Your Website for Modified Files for the Past 24 hours

Check Your Website for Modified Files for the Past 24 hours

Recently one of my websites got hacked. It was a simple WordPress website, so it was easy to fix; however, I've decided to write a very short bash script which would check my files and report if any of the files have been modified in the past 24 hours. That way I would know if anything malicious is going on.

You can of course adjust the time and run the script more often.

I really hope that this helps someone.

The script assumes that your files are stored in your ~/public_html folder. Please adjust the path if this is not the case.

Also please note that depending on the size of your website the script might take a while to run.


#!/bin/bash
# This will check your files
# and let you know if any changes have been made in the past 24 hours
# You can use this as a cron job as well

# List every regular file whose content was modified less than 24 hours ago
/usr/bin/find ~/public_html/ -mtime -1 -type f -print > ~/modified.txt

# If you have a caching plugin you could use the line below
# rather than scanning the cache folder as well.
# Note: replace "*cache*" with the name of your cache folder

#find ~/public_html/ ! -path "*cache*" -mtime -1 -type f -print > ~/modified.txt

modified=~/modified.txt

# -s is true only if the file exists and is not empty
if [[ -s "$modified" ]]; then
    echo "There are some modified files. See list below:"
    echo
    echo "======================="
    echo
    cat "$modified"
    echo
    echo "======================="
    echo
    echo "If you have not made any updates or if you have not installed"
    echo "any new software like plugins and themes,"
    echo "please check the files"
    echo
    echo "Regards"
else
    echo "There are no modified files. Relax."
fi

 
You could either check the ~/modified.txt file manually or you could email the content over if your server supports this functionality (some shared servers don’t). If you need any help with the email functionality, you can let me know 🙂
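The script above keys on mtime, which is metadata that can be set independently of a file's content (restoring from an archive, `rsync -t` and `touch` all do this), so a changed file can fall outside the 24-hour window. As an added example that is not part of the original post, the script below compares SHA-256 hashes against a saved baseline instead; the function names and the throwaway demo tree are assumptions, and GNU find, sort, xargs and sha256sum are assumed to be installed.

```shell
#!/bin/bash
# Added example: SHA-256 baseline for a web root. Function names are assumptions.

# Print "sha256  ./path" for every regular file under directory $1.
make_manifest() {
    ( cd "$1" && find . -type f -print0 | sort -z | xargs -0 -r sha256sum )
}

# Compare saved manifest $1 with the current content of directory $2.
# Prints ADDED/MODIFIED/REMOVED lines; returns 1 if anything changed.
compare_manifest() {
    local new changes
    new=$(mktemp) || return 2
    make_manifest "$2" > "$new"
    changes=$(awk '
        { hash = $1; path = substr($0, 67) }  # 64 hex digits + 2 separator chars
        FILENAME == ARGV[1] { before[path] = hash; next }
        { seen[path] = 1 }
        !(path in before) { print "ADDED " path; next }
        before[path] != hash { print "MODIFIED " path }
        END { for (p in before) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$new" | sort)
    rm -f "$new"
    if [ -n "$changes" ]; then
        printf '%s\n' "$changes"
        return 1
    fi
}

# Constructed demo: a throwaway tree stands in for ~/public_html.
demo() {
    local root base
    root=$(mktemp -d) && base=$(mktemp) || return 2
    echo '<?php echo "home";' > "$root/index.php"
    echo 'body { color: black }' > "$root/style.css"
    make_manifest "$root" > "$base"            # baseline of the known-good site
    echo '<?php echo "changed";' > "$root/index.php"
    touch -t 202001010000 "$root/index.php"    # mtime now outside the 24h window
    echo '<?php // new' > "$root/extra.php"
    rm "$root/style.css"
    echo "find -mtime -1 reports:"
    find "$root" -mtime -1 -type f | sed "s|^$root|.|"
    echo "manifest comparison reports:"
    compare_manifest "$base" "$root"
    rm -rf "$root" "$base"
}

demo
```

Keep the baseline file somewhere the web server user cannot write, and regenerate it after every legitimate update or plugin install.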

About the author

Bobby

Linux System Administrator