File/Table Integrity Monitoring

Do you know if your website has been compromised, and what code has been changes? Do you know if your website has added secret admin user?

File Integrity Monitoring

File integrity monitoring is a process where a change in file, wrt previous state, is notified to the site owner. This is done by comparing timestamp, size, user ownership and permission of a file with previous backup. If the contents of the files are changed, the site owner is notified. The changes on website files are authorized changes or unauthorized. Authorized changes are for example, a new post with image or code/theme/plugin update. Unauthorized changes are the ones made by an attacker. It is upto to the site owner to detect changes and decide whether it is suspicious or genuine change made on the website.

Using this technique, site owner can detect the following scenarios:-

  • Unauthorized new files or code changes by an attacker
  • Accidental backup file made available to the internet within the same website
  • Renaming config file with extension, downloadable
  • Detect unwanted code changes on the website

This technique beats all malware scanners and puts site owner in full control.

Table Change Monitoring

Site owner can select tables for which he/she wants to be notified on change. This could be user table or post table. This technique is useful to keep tabs on users added to your website or track changes on comments/posts on a regular basis. A new user added to the system could be part of administrator group and cause harm to the website.