Friday, September 25, 2015

Quickly Detect Hacked Files via CRON/PHP: SuperScan

As a Certified Ethical Hacker, I'm fully aware that prevention is the best tactic to prevent hackers but, should one break through, the sooner you know it, the quicker you can act to limit the damage.

A while back, I presented a script called hashscan, designed to track site changes. Executed via a daily CRON, the script reads the files for a specified directory (e.g., an account’s public_html directory on a server), generates hashes (for files with specific file extensions), and compares them with the previous scan’s hashes stored in a database. It's a great way for site owners to be alerted to files that have been added, altered or deleted by a hacker.

In this article, I'll present an updated version of the script, called SuperScan.

Benefits of SuperScan

The primary benefit is that SuperScan will report any changes to files in an account whether the file change is an addition, alteration or deletion. SuperScan was designed not to overwhelm the webmaster. It only provides a report of changes since the last scan (the default is one hour, but can be configured via CRON) and a summary report (daily by default, although, again, it can be configured via CRON).

Because the scan of a 1500 file account takes ~0.75 seconds, SuperScan can be run frequently without affecting server performance.

To support forensic investigation, the file last modified date and time are held in the database, along with the hash value of the most recent scan (and prior scan for altered files).

The scanner file need not be changed, as all variables are set within a required configure script. It's in the configure script where you can select specific (or ALL) file extensions to be scanned or, if ALL, the file extensions to omit. Additionally, you may specify directories which the scanner will not scan.

While the SuperScan files can be tested within a webspace, I recommend that it be moved outside the webspace for production use via CRON to protect against casual hackers.

Finally, a curious additional benefit is that changes in (extensionless) error_log files are captured and can direct the webmaster’s attention to coding problems that have slipped through the testing procedures.

Continue reading %Quickly Detect Hacked Files via CRON/PHP: SuperScan%


by DK Lynn via SitePoint
Posted by at No comments:
Labels: , , , , , , , ,

Create a Mobile App Using Famo.us and Angular

Posted by at No comments:
Labels: , , , , , , , , , , ,

How to Quickly Build a Chat App with Ratchet

In this tutorial, we’ll be taking a look at Ratchet, a PHP library for working with WebSockets. Let’s start by defining what WebSockets are. MDN says:

WebSockets is an advanced technology that makes it possible to open an interactive communication session between the user’s browser and a server. With this API, you can send messages to a server and receive event-driven responses without having to poll the server for a reply.

Connected computers image

WebSockets allow us to write applications that can pass data from the browser to the server and vice-versa in real-time.

Setup

First, let’s install Ratchet using Composer:

composer require cboden/ratchet

Building the App

Now we’re ready to build the app. Create a Chat.php file under the class/ChatApp directory. This would be a class under the ChatApp namespace, and it would use use Ratchet’s MessageComponentInterface and ConnectionInterface. The MessageComponentInterface is used as the basic building block for Ratchet applications, while the ConnectionInterface represents the connection to the application.

Continue reading %How to Quickly Build a Chat App with Ratchet%


by Wern Ancheta via SitePoint
Posted by at No comments:
Labels: , , , , , , , ,

October’s Editorial Theme: The Struggle

Sometimes it takes an overwhelming breakdown to have an undeniable breakthrough.

enter image description here

Steve Jobs got fired from the company he started.

Disney barely survived due to its founder’s poor budgeting habits.

J.K. Rowling, one of the richest women in the world today, once depended on welfare to survive.

And Tim Ferris, bestselling author of “The 4-Hour Work Week” was rejected 25 times before finding a publisher, who would work with him.

Even the most horrific Halloween stories have nothing on entrepreneurs’ sagas about “The Struggle.”

Continue reading %October’s Editorial Theme: The Struggle%


by Lauren Holliday via SitePoint
Posted by at No comments:
Labels: , , , , , , , ,

An Introduction to tvOS Development

Posted by at No comments:
Labels: , , , , , , , , , , ,

Synchronizing Offline App Data with PouchDB

Applications which can work online and offline are an advantage to mobile users. For example, someone traveling by air generally has no internet connection. With a well designed app they can still work in offline mode and synchronize the offline data with an application server.

How Does This Work?

When the application is offline, the data is stored using HTML 5 local storage and session storage objects to store data in the browser or WebView. When the application is online, its programming logic will synchronize changes to a central database.

Continue reading %Synchronizing Offline App Data with PouchDB%


by Jay Raj via SitePoint
Posted by at No comments:
Labels: , , , , , , , ,

Make Your Scratch Code More Efficient With Custom Blocks

Posted by at No comments:
Labels: , , , , , , , , , , ,
Subscribe to: Posts (Atom)