Website hash check – adding another security layer

Improve the security of your Artica server: discussion of security news and how to fight hackers and spammers

Post by Friend7 » Fri Sep 16, 2011 4:03 pm

Best Regards,
Friend7
 
Posts: 2373
Joined: Sun Feb 06, 2011 3:41 pm
Artica servers number: 1
Linux System: Debian
Technical skills: A newbee

Re: Website hash check – adding another security layer

Post by chris_c_ » Sun Sep 25, 2011 12:40 am

This is a very good technique for protecting against hackers that try to modify the PHP code of a website - for financial crime.

I would use this to protect all Joomla, WordPress, SugarCRM, and Artica PHP/JavaScript/CSS code.

The trick is to allow the admin to upgrade the site's code easily - without causing any problems.

The problem comes when the sys admin clicks "allow" to some files but not all - then the site is running on a half-updated and half old version of code - the site will crash or function incorrectly.

The admin should have to "allow" the nightly updates to the code - one click, and the updated files are downloaded, unpacked, the SHA-1 signatures are checked against the secure encrypted list, and if they all match, the SHA-1 database is updated and the files are copied to their destinations.

Also, Joomla and Sugar save system configuration info to a file called "configuration.php", which can change any time the admin changes a core administrative setting. This SHA-1 signature will change any time the admin saves core admin settings, so it shouldn't cause a false alarm; it should be recalculated each time the admin saves the core admin settings.
chris_c_
 
Posts: 794
Joined: Wed Oct 20, 2010 7:15 pm
Artica servers number: 1
Linux System: Debian
Technical skills: A Geek
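
The update flow described in the post above (check every unpacked file against the trusted list, copy and update the hash database only if all match, and re-hash configuration.php when the admin saves settings), as an added example that is not part of the thread or of Artica's code. The function names and the dict-based manifest are assumptions, the sample files are constructed, and it uses SHA-256 where the post says SHA-1.

```python
import hashlib
import os
import shutil
import tempfile

def file_digest(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()  # fine for web-sized files

def apply_update(staging, webroot, manifest, baseline):
    """Check every unpacked file against the trusted manifest; copy the files
    and update the baseline only if all of them match. Returns bad paths."""
    staged = {os.path.relpath(os.path.join(d, n), staging)
              for d, _, names in os.walk(staging) for n in names}
    bad = sorted(staged ^ set(manifest))  # missing from, or extra to, the list
    bad += sorted(p for p in staged & set(manifest)
                  if file_digest(os.path.join(staging, p)) != manifest[p])
    if bad:
        return bad  # nothing copied, so no half-updated site
    for rel in manifest:
        dest = os.path.join(webroot, rel)
        os.makedirs(os.path.dirname(dest), exist_ok=True)
        shutil.copy2(os.path.join(staging, rel), dest)
    baseline.update(manifest)
    return []

def check_site(webroot, baseline):
    """Baseline paths that are missing or whose hash no longer matches."""
    paths = {rel: os.path.join(webroot, rel) for rel in baseline}
    return sorted(rel for rel, p in paths.items()
                  if not os.path.isfile(p) or file_digest(p) != baseline[rel])

def rebaseline(webroot, baseline, rel):
    """Call from the admin save-settings handler, e.g. for configuration.php."""
    baseline[rel] = file_digest(os.path.join(webroot, rel))

def demo():
    """Constructed sample: a download with one altered file, then a clean one."""
    files = {"index.php": b"<?php echo 1;", "app.js": b"var a=1;"}
    trusted = {n: hashlib.sha256(b).hexdigest() for n, b in files.items()}
    root = tempfile.mkdtemp()
    staging, webroot, baseline = root + "/staging", root + "/www", {}
    os.makedirs(staging)
    results = []
    for app_js in (b"var a=2;", files["app.js"]):  # altered copy, then the real one
        for name, body in {**files, "app.js": app_js}.items():
            with open(os.path.join(staging, name), "wb") as f:
                f.write(body)
        results.append(apply_update(staging, webroot, trusted, baseline))
    return results, check_site(webroot, baseline)
```

The manifest has to come from somewhere the web server cannot write to, otherwise whoever can change the files can change the list as well.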

