WordPress plugin prototype to check the date and time that wp files have been last modified
As some of you noticed in the last few days, my blog was hacked.
Someone injected encoded JavaScript code into the footer.php of my theme, making my site open an iframe with some badware.
The same old things that happen when you’re famous :)
The boring part of this story is that I now check my WP files every day, to prevent code injection, until I find the way hackers use to inject such code.
So I developed a very basic plugin to do this job for me. It scans my themes directory and outputs the files modified in the last 24 hours.
I don’t know if I’ll turn this prototype into a real, finished plugin… but meanwhile you can take a look at the code:
```php
<?php
/*
Plugin Name: Check file dates
Plugin URI: http://www.emanueleferonato.com/
Description: Checks the date and time that wp files have been last modified.
Author: Emanuele Feronato
Version: 1.0
Author URI: http://www.emanueleferonato.com/
*/

// Register the admin page when the admin menu is built.
add_action('admin_menu', 'add_plugin_pages');

function add_plugin_pages(){
	// Restrict the page to administrators with a capability; numeric user levels such as 8 are deprecated.
	add_menu_page('Check dates', 'Check dates', 'manage_options', __FILE__, 'mt_toplevel_page');
}

// Recursively list the files under $start_dir modified after $date ("Y-m-d H:i:s").
function date_tree($start_dir,$date){
	$dirs = array_diff(scandir($start_dir),array(".",".."));
	foreach($dirs as $file){
		if(is_dir($start_dir."/".$file)){
			date_tree($start_dir."/".$file,$date);
		}
		else{
			$mod_date = date("Y-m-d H:i:s",filemtime($start_dir."/".$file));
			// Date strings in the same format sort chronologically, so a string comparison works.
			if($mod_date>$date){
				// Escape names before printing them: a file name can contain HTML.
				echo "<li>".esc_html($start_dir)."/<strong>".esc_html($file)."</strong> -> ".$mod_date."</li>";
			}
		}
	}
}

// Render the admin page: files in the themes directory changed since yesterday at midnight.
function mt_toplevel_page(){
	$date = date("Y-m-d",strtotime("-1 day"))." 00:00:00";
	echo "<h2>Searching for files modified after ".$date."</h2>";
	echo "<ul>";
	date_tree(get_theme_root(),$date);
	echo "</ul>";
}
?>
```
It outputs something like this:
Searching for files modified after 2009-10-07 00:00:00
footer.php -> 2009-10-07 23:31:56
header.php -> 2009-10-08 17:58:14
If you want to try it, simply create a new file in your plugins directory and paste this code.
If you see some interesting use out of it by adding some options, let me know and maybe I’ll finish it.
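The plugin above relies on modification times, which anyone able to write a file can also reset. As an added example (not part of the original post or plugin), this standalone PHP script compares SHA-256 hashes against a baseline instead; the `cfd_` function names and the temporary demo directory are assumptions constructed for illustration.

```php
<?php
// Added example, not the original plugin: hash-based change detection.
// Function names and the demo directory are hypothetical.

// Map every file under $root to its SHA-256 digest, keyed by relative path.
function cfd_hash_tree($root) {
    $root = rtrim($root, '/\\');
    $hashes = array();
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if ($file->isFile()) {
            $rel = substr($file->getPathname(), strlen($root) + 1);
            $hashes[$rel] = hash_file('sha256', $file->getPathname());
        }
    }
    ksort($hashes);
    return $hashes;
}

// Compare the current tree with a saved baseline.
function cfd_compare($baseline, $current) {
    $report = array('added' => array(), 'removed' => array(), 'changed' => array());
    foreach ($current as $path => $hash) {
        if (!array_key_exists($path, $baseline)) {
            $report['added'][] = $path;      // file did not exist at baseline time
        } elseif ($baseline[$path] !== $hash) {
            $report['changed'][] = $path;    // content differs, whatever the mtime says
        }
    }
    $report['removed'] = array_keys(array_diff_key($baseline, $current));
    return $report;
}

// Constructed demo: a throwaway "themes" directory with two files.
$root = sys_get_temp_dir() . '/cfd_demo_' . uniqid();
mkdir($root . '/mytheme', 0700, true);
file_put_contents("$root/mytheme/footer.php", "<?php // footer\n");
file_put_contents("$root/mytheme/header.php", "<?php // header\n");
$old = strtotime('-30 days');
touch("$root/mytheme/footer.php", $old);
$baseline = cfd_hash_tree($root);

// Change footer.php, put its old mtime back, and add a file.
file_put_contents("$root/mytheme/footer.php", "<?php // footer, altered\n");
touch("$root/mytheme/footer.php", $old);     // a 24-hour mtime check would skip this file
file_put_contents("$root/mytheme/new.php", "<?php // unexpected\n");

print_r(cfd_compare($baseline, cfd_hash_tree($root)));
```

In practice, save the baseline (for example with `json_encode`) somewhere the web server account cannot write, and regenerate it after each legitimate theme update.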
This post has 7 comments
Gabriel Bianconi
Emanuele, I’m getting virus alert and pop-ups when I enter your website. You might want to check…
Emanuele Feronato
yes, fixed… going to make some mods to .htaccess… let’s see what happens…
Yarden Refaeli
I didn’t know about this… good luck keeping your system clean and running.
Ryan Williams
Ouch, hope you find out the cause if there’s a new security flaw with core WordPress out in the wild!
Or do you suspect it’s a plug-in or something you’re using?
Emanuele Feronato
At first glance I thought it was a PHP exec plugin, but removing it did not stop the attack.
Now I modified some lines in the .htaccess and it seems to be ok.
If I don’t suffer attacks during the next 24 hours I’ll publish a brief guide.
cristian
My website was hacked too but I’m less famous than you! ;-) Double check for code injection by scanning your MySQL WP tables and also use a useful plug-in called exploit-scanner.
Your solution doesn’t detect files created by hackers with the same date as the other ones.
I needed to delete and reinstall a clean and updated version of WordPress.
Good luck!
wp-Member nulling
wp-Member nulling…
wp-member is a premium plugin that will add full Membership functionality to your wordpress blog. We have designed wp-member so that users of all ages and backgrounds will find it very easy to use. Protecting posts, pages or categories takes a single c…