I'm currently in the third and final year of my bachelor's degree in New Zealand, a Bachelor of Computing & Information Sciences.
My final year project (not that big, it's done concurrently with other papers) was to re-secure an OSCommerce website that was hacked because it wasn't upgraded, and therefore insecure. That's a whole other can of worms that I won't open right now, but the reason I'm coming to you now is this:
Having secured the website and patched any (known) holes, we need to keep an eye on things to check that nothing bad is happening. How we have been doing this so far is (probably a little "newbie", for want of a better word):
File Monitoring
We have been downloading daily backups from the webhost and comparing them with the previous day's (just the public_html folder). This has actually proved pretty easy, as nothing really ever changes unless we change something. We've been using a tool called "Beyond Compare", which is actually pretty good to use. It lists any files / folders that have changed and allows you to drill right down to the appropriate line number of what's been changed. This allows us to make a really quick decision as to whether the changes made were legit or not.
Database Monitoring
This is the part I really need help with. It's not very easy taking an entire database dump and comparing it with the previous day's one to check for "malicious" entries, as malicious is a very ambiguous term to start with, and this file is literally thousands of lines long.
Bear in mind that money is an issue here; we have practically no cash to play with, but really need a way to be checking for "malicious" MySQL changes, each day, or each week if we can't get it done daily.
Also bear in mind I am relatively new to an awful lot of this, so do go easy if I have missed something really obvious that we should be checking that we aren't. As always, suggestions are welcome.
Cheers. It's great to be part of this community, which I am now visiting daily.
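Added example, not code from the question or from any answer on this page: a small Python script that turns two mysqldump files into a per-table list of rows added and removed, so the "thousands of lines" become a handful of row-level changes. Tables that churn legitimately (a sessions table is the obvious one) are skipped, and added rows that carry markup a shop database should never contain are flagged. Everything in it is an assumption for the example: the table names, the two constructed dump excerpts, the ignore list and the "suspicious" patterns. It handles the default mysqldump output (one extended INSERT per table, no column list); dump with --order-by-primary so that row order, and therefore the diff, is stable from day to day.

```python
import re
from collections import Counter

# One extended INSERT as mysqldump writes it by default: no column list,
# every row for the table on one line, terminated by ';'.
INSERT_RE = re.compile(r"^INSERT INTO `?([\w.]+)`? VALUES (.*);$")


def split_rows(values):
    """Split a VALUES clause into the text of each row tuple.

    Commas and parentheses inside single-quoted strings must not split rows,
    so the scanner tracks quote state and honours backslash and '' escapes."""
    rows, depth, in_str, start, i = [], 0, False, 0, 0
    while i < len(values):
        c = values[i]
        if in_str:
            if c == "\\":                 # backslash escape: skip escaped char
                i += 2
                continue
            if c == "'":
                if values[i + 1:i + 2] == "'":   # doubled quote inside string
                    i += 2
                    continue
                in_str = False
        elif c == "'":
            in_str = True
        elif c == "(":
            if depth == 0:
                start = i
            depth += 1
        elif c == ")":
            depth -= 1
            if depth == 0:
                rows.append(values[start:i + 1])
        i += 1
    return rows


def parse_dump(text):
    """Return {table: Counter(row_text)} for every INSERT line in a dump."""
    tables = {}
    for line in text.splitlines():
        m = INSERT_RE.match(line.strip())
        if m:
            tables.setdefault(m.group(1), Counter()).update(split_rows(m.group(2)))
    return tables


def diff_dumps(old_text, new_text, ignore_tables=()):
    """Row-level diff: {table: {"added": [...], "removed": [...]}}.

    Tables in ignore_tables churn legitimately and are skipped; every other
    table is reported only if at least one row was added or removed."""
    old, new = parse_dump(old_text), parse_dump(new_text)
    report = {}
    for table in sorted(set(old) | set(new)):
        if table in ignore_tables:
            continue
        o, n = old.get(table, Counter()), new.get(table, Counter())
        added, removed = list((n - o).elements()), list((o - n).elements())
        if added or removed:
            report[table] = {"added": added, "removed": removed}
    return report


# Constructed heuristic (not from the post): markup and PHP calls that have no
# business in product or customer rows and are typical of injected content.
SUSPICIOUS = re.compile(r"<script|<iframe|eval\(|base64_decode", re.IGNORECASE)


def flag_suspicious(report):
    """Return (table, row) for every added row that matches SUSPICIOUS."""
    return [(t, r) for t, d in report.items() for r in d["added"] if SUSPICIOUS.search(r)]


# Constructed mysqldump excerpts standing in for yesterday's and today's backup.
YESTERDAY = r"""
INSERT INTO `customers` VALUES (1,'Alice','alice@example.com'),(2,'Bob','bob@example.com');
INSERT INTO `products_description` VALUES (1,1,'Widget','A plain widget (really), nothing fancy'),(2,1,'Gadget','It\'s a gadget');
INSERT INTO `sessions` VALUES ('abc123',1300000000,'cart|a:0:{}');
"""
TODAY = r"""
INSERT INTO `customers` VALUES (1,'Alice','alice@example.com'),(2,'Bob','bob@example.com'),(3,'Mallory','m@example.net');
INSERT INTO `products_description` VALUES (1,1,'Widget','A plain widget (really), nothing fancy<iframe src=\"http://example.invalid/x.php\" width=0 height=0></iframe>'),(2,1,'Gadget','It\'s a gadget');
INSERT INTO `sessions` VALUES ('def456',1300086400,'cart|a:0:{}');
"""

if __name__ == "__main__":
    report = diff_dumps(YESTERDAY, TODAY, ignore_tables={"sessions"})
    for table, d in report.items():
        print(f"{table}: +{len(d['added'])} -{len(d['removed'])}")
        for row in d["removed"]:
            print("  -", row)
        for row in d["added"]:
            print("  +", row)
    for table, row in flag_suspicious(report):
        print(f"SUSPICIOUS in {table}: {row[:80]}")
```

Run daily against yesterday's and today's dump files (read them in place of the two constructed strings) and the output is short enough to eyeball: a new customer is expected churn, a changed product description with an iframe in it is not. The pattern list is a starting point, not a definition of "malicious"; the row-level diff is what does the work, because it shrinks the review to exactly the rows that moved.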
Normally, poor permissions pave the way for PHP/MySQL-related hacks. Make sure the config files are not globally writable; enabling suPHP is a good idea.
AssistanZ
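Added example illustrating the permission check suggested in the reply above; it is not code from the reply's author. It walks a web root and reports anything world-writable, plus any config file that is writable at all. The config file name is an assumption for the example: OSCommerce keeps its database credentials in files called configure.php, and its own admin page warns when that file is writable. The demo tree it builds is constructed; point scan_tree at the real public_html instead. suPHP itself is a server-side setting and is not covered here.

```python
import os
import shutil
import stat
import tempfile

# Assumption for the example: OSCommerce's credential files are named
# configure.php (includes/ and admin/includes/); treat any such file as config.
CONFIG_NAMES = {"configure.php"}


def check_path(path, is_config):
    """Return the reasons `path` is a permissions problem (empty list = fine)."""
    mode = stat.S_IMODE(os.lstat(path).st_mode)
    reasons = []
    if mode & stat.S_IWOTH:
        reasons.append("world-writable (o+w)")
    if is_config and mode & (stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH):
        reasons.append("config file is writable; make it read-only (0444)")
    return reasons


def scan_tree(root):
    """Walk `root` and return sorted (relative path, reason) findings.

    Symlinks are skipped so a link into /tmp cannot make the tree look
    world-writable; directories are checked too, since a world-writable
    directory lets anyone drop a new PHP file into the site."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            p = os.path.join(dirpath, name)
            if os.path.islink(p):
                continue
            for reason in check_path(p, is_config=name in CONFIG_NAMES):
                findings.append((os.path.relpath(p, root), reason))
    return sorted(findings)


def demo():
    """Build a constructed mini web root, scan it, clean up, return findings."""
    root = tempfile.mkdtemp()
    try:
        def put(rel, mode):
            p = os.path.join(root, rel)
            os.makedirs(os.path.dirname(p), exist_ok=True)
            with open(p, "w") as f:
                f.write("<?php\n")
            os.chmod(p, mode)          # explicit chmod so umask does not interfere

        put("index.php", 0o644)                 # fine
        put("includes/configure.php", 0o644)    # writable config: flagged
        put("images/logo.gif", 0o666)           # world-writable file: flagged
        os.chmod(os.path.join(root, "images"), 0o777)   # world-writable dir: flagged
        return scan_tree(root)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

On a shared host the equivalent one-liner is `find public_html -perm -o+w`, but the script also singles out the config files, which is the check the reply is really about: a world-readable configure.php already leaks the database password to other tenants on a badly configured server, and a writable one lets an attacker redirect the shop to their own database.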