This helps you to see if someone hacked your server and has changed or created new files.
You are able to choose between 2 dates
Features:
- Highlight executable files such as 'sh', 'asp', 'cgi', 'php', 'php3', 'ph3', 'php4', 'ph4', 'php5', 'ph5', 'phtm', 'phtml'
- Date and time of modification
- MD5 checksum of each file
- All information is from "/home" directory
Add this line to:
/usr/local/cwpsrv/htdocs/resources/admin/include/3rdparty.php
<li><a href="index.php?module=last_files_changed"><span class="icon16 icomoon-icon-arrow-right-3"></span>Last Modified files</a></li>
Then create a new file called "last_files_changed.php" on:
/usr/local/cwpsrv/htdocs/resources/admin/modules
with this content:
<h1>Last Modified files</h1>
<form action="" method="post" class="form-horizontal">
<input name="ifpost" size="0" value="yes" type="hidden">
<table><tbody><tr><td>
<table align="left" border="0" cellpadding="5" cellspacing="1" width="650px">
<tbody><tr class="oddrowcolor">
<td colspan="1">Filter from:</td>
<td colspan="1"><input class="uniform-input text" name="start" value="<?php echo date('Y-m-d'); ?>" size="30" type="text"></td>
</tr>
<tr class="oddrowcolor">
<td colspan="1">to:</td>
<td colspan="1"><input class="uniform-input text" name="end" value="<?php echo date('Y-m-d',strtotime("+1 days")); ?>" size="30" type="text"></td>
</tr>
</tbody></table>
</td></tr>
<tr><td>
<br>
<div class="form-group">
<div class="col-lg-offset-3 col-lg-9">
<button type="submit" class="btn btn-info">Filter</button>
</div>
</div>
</td></tr></tbody></table>
</form>
<?php
if(isset($_POST['start'])){
$files = shell_exec("find /home -type f -newermt ".$_POST['start']." ! -newermt ".$_POST['end']);
$files = preg_split("/\n/", $files);
foreach ($files as $file){
if(trim($file) !=''){
$ext = pathinfo($file, PATHINFO_EXTENSION);
if(in_array(strtolower($ext),['sh', 'asp', 'cgi', 'php', 'php3', 'ph3', 'php4', 'ph4', 'php5', 'ph5', 'phtm', 'phtml']))
echo '<font color="red"><b>'.date ("F d Y H:i:s", filemtime($file)).'</b> '.$file.' <b>('.$ext.' file)</b></font>';
else
echo '<b>'.date ("F d Y H:i:s", filemtime($file)).'</b> '.$file;
echo ' - <b>checksum</b> ('.md5_file($file).')';
echo '</br>';
}
}
}
?>