Hi,

I have been hacked, though they just seemed to add some files. I've tweaked my security to hopefully stop future issues, but I'd really like a script that does this.

Checks all of the sites on my reseller acount and emails me a report that shows all of the any file that's been added. Also, if it's not too much of an extra server issue see if any files have been changed.

Do I need to have shell access to do this?

Are there any scripts available that do this?

One approach to this is gathering a list of MD5s of all the important system files, so see if they've been modified. That method is no good to you now that you've been hacked mine due. There are scripts to do this, but I dunno if they'll be compatible with your reseller account..

I would recommenced clearing all your scripts and CGIs and installing a fresh copy of everything that you can. You never know what root-kits the attacker may have left behind!

If it were a server, reinstalling the entire OS would be a good idea unless you really know what you're doing with GNU/Linux/UNIX from a security point of view.

Unfortunately there are about 60 sites effected. They're all small, but it would be many hours of work to reinstall everything. I don't think the hackers were able to do any damage this time, they just added files but the files weren't actively doing anything. Mostly they were html files saying that I had been hacked, though I did find some instances of the hack where they put two files and an htaccess file into all of the 777 directories.

I've gone through and installed an htaccess in each of the 777 image folders (they have to be 777 because the script automatically creates thumbnails and that function doesn't work at any other permission level) at any rate I put an htaccess file in each of those that makes it so no files including html, php, cgi etc can be excecuted.