Checker Script - Check Scripts on Website

To make sure no scripts on the website have been hacked
GPL 3.0 Licensing

The Checker script compares all scripts on the website with their original versions in the local directory. In addition, it checks if there are any other scripts in the web space.

It is supplemented by a script from the public domain CheckHack, which displays a list of the most recently changed scripts .

How the program works

The program simultaneously scans the local directory and the contents of the website in FTP mode, therefore, without executing scripts on the site. It compares string-to-string scripts (not distinguishing between line-ending codes, which may differ by system) and detects differences in code.

The scheck.log file is created to specify details of operations, including a list of found scripts.

Use of script

It works on the command line, so in the "DOS" window, which can be found in the accessories menu.
Enter:

php scheck.php [options] -llogin -pmotdepasse source adresseftp

Obligatory

arguments:

If these arguments in the command are omitted, they will be claimed by the program;

- you are followed by your address login.

-p followed by the ftp login password.

Source: Directory containing source scripts.

addressing: ftp address as ftp.iqlevsha.ru

Additional parameters

If these arguments are omitted, the default values will be used:

-v verbose mode, with more detailed displays, no default.

-q silent mode, no default.

-d followed by the directory name. Root directory on your hosting, often "www."

It is recommended that you create a batch file. This is a text file containing the and command with a BAT extension. It will be performed as a program.

What appears in the script

List of scripts in the source directory followed by OK if it matches the site code. Otherwise, the message * DIFFER * appears.
In addition, scripts in the site that are not in the local source will appear before the UNKNOWN message.

At the end of processing, the script displays the number of compared files, different files and the number of alleged attackers

What to do if the scenarios are different

Repatriate without executing scripts to a temporary folder and checking their contents.
If they contain malicious code, erase it, change the password and check if your scripts make it easier to penetrate your site, including with enabled or not strictly tested parameters.

Versions

1.2 August 2012
The script has been modified to ignore empty lines.
October 1.1, 2008
New option to set any type of FTP address as a parameter.
The comparison function has been improved.
Only problems are displayed in normal non-graphic mode.

Archive loading and content

The archive contains the executable PHP script scheck.php, the PHP function libraries it uses, and the Script source code.

Download Script Validation Archive

This script compares scripts on the site to local source code.

Loading CheckHack

Show the list of changed files on the site or in a subdirectory for n days.

Checker script free under GPL 3.0 license