Monitoring Clients' Files

Cisco
06-12-2003, 11:07 PM
How do you recommend monitoring your clients' files to make sure they aren't hosting warez or porn? Does anyone know of a script that can be run via a cron job that will automatically check?

mpalamar
06-12-2003, 11:40 PM
I don't do any monitoring of files. I only monitor disc space and bandwidth. I would only investigate an account if they started pushing massive amounts of bandwidth.

The Prohacker
06-12-2003, 11:43 PM
Same here.. If you monitor your clients' files then you are really liable for the content they are uploading.. Just monitor irregular usage and check up on them if you need to...

ENSupport
06-13-2003, 12:04 AM
Cisco WTF?

CrazyTech
06-13-2003, 12:31 AM
Just do as everyone else and look for excessive amounts of space and bandwidth being used, and then investigate. In most cases, it is quite obvious when you have warez or porn.

Knogle
06-13-2003, 01:20 AM
Heh, yep.. warez/porn sites have their bandwidth usage shoot up within days. You can usually pick them up pretty fast.

Jim_UK
06-13-2003, 01:45 AM
Someday I'm going to get around to making a much better one but this does the job for the time being: http://jim.clook.net/serverscan.phps

123x
06-13-2003, 01:45 AM
Yeah, the file monitoring thing is going to be a hard one, but you can get a clear idea about checking his disk space and B/W, then you can manually check their accounts.

PCplayground
06-13-2003, 03:16 AM
Originally posted by Jim_UK
> Someday I'm going to get around to making a much better one but this does the job for the time being: http://jim.clook.net/serverscan.phps

Thanks for the script. But where/how is it supposed to be run? I just copied that file over to my server, ran it, and I didn't really get any legit results. My webspace has files that meet that criteria, yet it didn't say anything about it, nor any other files in the public_html. What am I doing wrong?

Jim_UK
06-13-2003, 03:25 AM
Save it as whatever.php then run it in a root SSH by typing:
/usr/bin/php /path/to/whatever.php
EDIT: and remember to change the email address at the top ;)

H-U.net
06-13-2003, 03:57 AM
Nice script Jim, I've been looking for something like this for a while. You ought to submit this to HotScripts in my opinion. Cheers! Kevin

OctaneDesign
06-13-2003, 04:20 AM
I think the best way to monitor is to look out for some of those dodgy domain names, like "directdelux.com" (who caused us a few hassles). That looked a little sus to us, so we just went and browsed his site :)

ChangeDetect
06-13-2003, 08:29 AM
Monitoring files on your system seems like a liability. Have you considered signing up for a web page monitoring service? It will not check every single file on a server, but you can monitor your customer's main site for certain keywords. If you know what you are looking for, then it works like a charm. Bye

NJHosting
06-13-2003, 09:23 AM
I manually monitor the sites, in some cases, this is primarily because I handle a lot of adult webmasters, so I have to make sure they are on the up and up with their content, and that the site doesn't violate my TOS. So I just visit the site, and check out the front end, if I see something that might be in question I check out the site via FTP, and/or email the webmaster himself.

Cisco
06-13-2003, 04:43 PM
Originally posted by ChangeDetect
> Monitoring files on your system seems like a liability. Have you considered signing up for a web page monitoring service? It will not check every single file on a server, but you can monitor your customer's main site for certain keywords. If you know what you are looking for, then it works like a charm. Bye

Do you have any idea how much this would cost or have any links? This sounds like it is exactly what I want.
Jim_UK: Neat script! If it can be run via SSH then it can be run by a cron job.

rrdega
06-13-2003, 05:52 PM
Originally posted by Cisco
> Jim_UK: Neat script! If it can be run via SSH then it can be run by a cron job.

I agree! And I would think with a li'l munging it could also potentially scan for content "keywords," eh? And then set up with cron to periodically check each site... Now, what would be really cool would be if it would only email results if something questionable is found... 'n while we're wishing with one hand, and wanting with the other, how about if it would "somehow" be set up to only scan those with "questionable" disk and/or bandwidth consumption! :D

Jim_UK
06-13-2003, 05:59 PM
Just through using it here I've identified things that the script could do with:
- faster ways of searching
- exclude files, folders and users
- auto disable very bad scripts
- in the case of resold accounts, grab the reseller username who owns the account and tag it on somewhere to save having to look it up
- etc
I might get round to it one of these days :)

kickmybutt
06-13-2003, 09:10 PM
Well, I tried the script on one of my servers. It scanned and sent me an email and didn't find anything. So I thought I would test it and I uploaded putty.exe and scanned again. Still didn't find it. Although it DID find a file that was over 5mb, which was a tar backup. I deleted that and ran again and it didn't find that again or anything. So I would have to say that it isn't very reliable if you are going to try to find "bad" things.

Jim_UK
06-14-2003, 11:27 AM
Originally posted by kickmybutt
> Well, I tried the script on one of my servers. It scanned and sent me an email and didn't find anything. So I thought I would test it and I uploaded putty.exe and scanned again. Still didn't find it. Although it DID find a file that was over 5mb, which was a tar backup. I deleted that and ran again and it didn't find that again or anything. So I would have to say that it isn't very reliable if you are going to try to find "bad" things.

Last I checked, the script isn't told to scan for .exe files so it looks like it's working fine. You'll see it's just using standard shell commands so it shouldn't be too difficult for you to add it.

kickmybutt
06-14-2003, 12:04 PM
I did add it. And it still didn't find the .exe file.

Jim_UK
06-14-2003, 12:18 PM
Originally posted by kickmybutt
> I did add it. And it still didn't find the .exe file.

Try running the find command on its own in SSH and see if it finds it. As I say, they're just normal commands so if you want to add something just add it to the find command under the appropriate heading.

kickmybutt
06-14-2003, 12:26 PM
Using SSH, I did a:
locate *.exe
and returned 14 references in the /home directory. Among others outside the /home. But I know the script is only searching the /home.

rrdega
06-15-2003, 07:27 AM
Originally posted by kickmybutt
> Using SSH, I did a:
> locate *.exe
> and returned 14 references in the /home directory. Among others outside the /home. But I know the script is only searching the /home.

Did you run an "updatedb" after uploading the new .exe, and before running your "locate"?

shasta
06-15-2003, 11:11 AM
> Monitoring files on your system seems like a liability. Have you considered signing up for a web page monitoring service? It will not check every single file on a server, but you can monitor your customer's main site for certain keywords. If you know what you are looking for, then it works like a charm.

Originally posted by Cisco
> Do you have any idea how much this would cost or have any links? This sounds like it is exactly what I want.
> Jim_UK: Neat script! If it can be run via SSH then it can be run by a cron job.

Well it was posted by the nic "ChangeDetect"... the url is http://www.changedetect.com/
There are others though like http://www.dailydiffs.com/ and WebSecretary
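
Added example, not part of the thread and not Jim_UK's serverscan script: a find-based scan of the kind discussed above, with two items from the wish lists (excluded folders, and a report only when something is flagged). It assumes a /home/<user>/... layout; the function names, the extension list and the 1 MB threshold are illustrative, and the tree it scans is constructed.

```shell
#!/bin/sh
# Added example (not Jim_UK's script). Function names are hypothetical.

# scan_tree ROOT MAX_MB "ext ext ..." "excluded-dir-name ..."
# Walks the live filesystem with find, so a file uploaded a second ago is seen
# (locate answers from a database that is only as fresh as the last updatedb).
scan_tree() {
    root=$1 max_mb=$2 exts=$3 excludes=$4
    bytes=$((max_mb * 1024 * 1024))
    set -- "$root"
    for d in $excludes; do            # never descend into excluded directories
        set -- "$@" -type d -name "$d" -prune -o
    done
    set -- "$@" -type f '('
    for e in $exts; do                # -iname: PUTTY.EXE matches like putty.exe
        set -- "$@" -iname "*.$e" -o
    done
    set -- "$@" -size "+${bytes}c" ')' -print
    find "$@" | sort
}

# Prints "owner<TAB>size<TAB>path" per hit. Prints nothing and returns 1 when the
# tree is clean, so a cron wrapper can send mail only when there is a report.
report_if_hits() {
    hits=$(scan_tree "$@")
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits" | while IFS= read -r f; do
        rel=${f#"$1"/}                # path below ROOT; first component = account
        printf '%s\t%s bytes\t%s\n' "${rel%%/*}" "$(wc -c < "$f" | tr -d ' ')" "$f"
    done
}

# Constructed sample tree standing in for /home (assumed layout, not real data).
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/alice/public_html" "$t/bob/public_html" "$t/bob/backups"
    echo '<html></html>' > "$t/alice/public_html/index.html"
    echo 'MZ'            > "$t/alice/public_html/PUTTY.EXE"
    dd if=/dev/zero of="$t/bob/public_html/big.tar" bs=1024 count=1100 2>/dev/null
    dd if=/dev/zero of="$t/bob/backups/site.tar"    bs=1024 count=1100 2>/dev/null
    echo "$t"
}

tree=$(make_sample_tree)
report_if_hits "$tree" 1 "exe zip rar" "backups"   # flags PUTTY.EXE and big.tar
rm -rf "$tree"
```

From cron, the output of report_if_hits can be captured and mailed only when the function returns 0.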