Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.
By kiev1.org on
Hello.
There is a question or idea.
I sometimes give passwords from my site and FTP to users under windows - and there they are very often stolen by troyan (well see on FTP logs - login from Brazil, China, France), there was a necessity in the module which would consider and compared MD5 sum of php files of site and "alert" would do in the case of change, it is possible to add functional to watch after some tables of base (so they can it was be defined in adjustings the module).
Or does can that the ready is?
Comments
Hello, if I understand you
Hello,
if I understand you correctly, you want a Drupal module that checks MD5sums of other Drupal files.
This would not be secure, as I see it: If someone steals a password for your site, he can log in and simply turn this protective module off. Or, which would be even worse, he could alter the module so that it would tell you "everything is ok" even if some files were modified.
I suggest two things for you to try:
- Keep your passwords safe and don't hand them to users that don't keep their systems secure.
- Create a cron job on another server that fetches all of your PHP files and checks it on that other machine. That way, if a cracker gets the password for your Drupal installation, he would still have to get the second machine's password in order to totally compromise your installation...
Yes, I think that hacker can
Yes, I think that hacker can change the module, but often adding of viral code to the php files is done automatically, therefore this module is very actual.
It is in addition possible to do the show of changes of files, for example as diff
Sorry, but giving ftp-access
Sorry, but giving ftp-access to users is really the worst you can do, unless you want your server to be hacked and taken over!
Why would they need ftp-access? For uploading? Then you have them upload through your application.
-----------------------------------------
Joep
CompuBase, websites and webdesign