Please help Identify Changed Files

[madstarr]

First, I am in the process of implementing all of the security measures that are advised in this thread, but I am having trouble with a couple of them and I just cant seem to get them implemented fast enough.

I have changed name of admin folder, password protected it using .htaccess. I have changed all the permissions on files and folders to recommended. Removed filemanager and define language, and installed SiteMonitor. I am working on htaccess protection presently which i am having a lack of knowledge issue with.

My files are being changed several times a day and it seems to be the same files all the time.

Using site monitor these are the files that are being changed. Can anyone identify what is doing this and how i might stop it.

 

No new files found...

No deleted files found...

Difference found: New-> index.php 20159 Original-> 20378

Difference found: New-> includes/languages/english/index.php 4600 Original-> 4466

Difference found: New-> includes/languages/espanol/index.php 2690 Original-> 2556

Difference found: New-> includes/languages/german/index.php 4660 Original-> 4526

Difference found: New-> msrcontrol/EPDocumentation/index.html 668 Original-> 514

Difference found: New-> msrcontrol/includes/languages/english/index.php 1255 Original-> 1118

Difference found: New-> msrcontrol/includes/languages/espanol/index.php 1272 Original-> 1136

Difference found: New-> msrcontrol/includes/languages/german/index.php 1314 Original-> 1178

Difference found: New-> msrcontrol/index.php 3889 Original-> 3835

Time Mismatch on index.php Last Changed on Wednesday, 04 Nov 2009 00:46:52 GMT

Time Mismatch on includes/languages/english/index.php Last Changed on Wednesday, 04 Nov 2009 00:46:58 GMT

Time Mismatch on includes/languages/espanol/index.php Last Changed on Wednesday, 04 Nov 2009 00:47:05 GMT

Time Mismatch on includes/languages/german/index.php Last Changed on Wednesday, 04 Nov 2009 00:47:15 GMT

Time Mismatch on msrcontrol/EPDocumentation/index.html Last Changed on Wednesday, 04 Nov 2009 00:47:31 GMT

Time Mismatch on msrcontrol/includes/languages/english/index.php Last Changed on Wednesday, 04 Nov 2009 00:47:39 GMT

Time Mismatch on msrcontrol/includes/languages/espanol/index.php Last Changed on Wednesday, 04 Nov 2009 00:47:47 GMT

Time Mismatch on msrcontrol/includes/languages/german/index.php Last Changed on Wednesday, 04 Nov 2009 00:48:06 GMT

Time Mismatch on msrcontrol/index.php Last Changed on Wednesday, 04 Nov 2009 00:47:21 GMT

No permissions mismatches found...

 

Thank you.

[JR Sales Company]

First, I am in the process of implementing all of the security measures that are advised in this thread, but I am having trouble with a couple of them and I just cant seem to get them implemented fast enough.

I have changed name of admin folder, password protected it using .htaccess. I have changed all the permissions on files and folders to recommended. Removed filemanager and define language, and installed SiteMonitor. I am working on htaccess protection presently which i am having a lack of knowledge issue with.

My files are being changed several times a day and it seems to be the same files all the time.

Using site monitor these are the files that are being changed. Can anyone identify what is doing this and how i might stop it.

 

No new files found...

No deleted files found...

Difference found: New-> index.php 20159 Original-> 20378

Difference found: New-> includes/languages/english/index.php 4600 Original-> 4466

Difference found: New-> includes/languages/espanol/index.php 2690 Original-> 2556

Difference found: New-> includes/languages/german/index.php 4660 Original-> 4526

Difference found: New-> msrcontrol/EPDocumentation/index.html 668 Original-> 514

Difference found: New-> msrcontrol/includes/languages/english/index.php 1255 Original-> 1118

Difference found: New-> msrcontrol/includes/languages/espanol/index.php 1272 Original-> 1136

Difference found: New-> msrcontrol/includes/languages/german/index.php 1314 Original-> 1178

Difference found: New-> msrcontrol/index.php 3889 Original-> 3835

Time Mismatch on index.php Last Changed on Wednesday, 04 Nov 2009 00:46:52 GMT

Time Mismatch on includes/languages/english/index.php Last Changed on Wednesday, 04 Nov 2009 00:46:58 GMT

Time Mismatch on includes/languages/espanol/index.php Last Changed on Wednesday, 04 Nov 2009 00:47:05 GMT

Time Mismatch on includes/languages/german/index.php Last Changed on Wednesday, 04 Nov 2009 00:47:15 GMT

Time Mismatch on msrcontrol/EPDocumentation/index.html Last Changed on Wednesday, 04 Nov 2009 00:47:31 GMT

Time Mismatch on msrcontrol/includes/languages/english/index.php Last Changed on Wednesday, 04 Nov 2009 00:47:39 GMT

Time Mismatch on msrcontrol/includes/languages/espanol/index.php Last Changed on Wednesday, 04 Nov 2009 00:47:47 GMT

Time Mismatch on msrcontrol/includes/languages/german/index.php Last Changed on Wednesday, 04 Nov 2009 00:48:06 GMT

Time Mismatch on msrcontrol/index.php Last Changed on Wednesday, 04 Nov 2009 00:47:21 GMT

No permissions mismatches found...

 

Thank you.

I would suggest renaming your admin to something a little more obscure. Change the passwords again. Make sure that your htpasswd and admin password are different, that way it takes two different passwords and user names to login to the admin panel. Login via https only. I would also recommend changing your database name and password. Once you do this, you can update your configure.php file. Also, change your ftp password, and use SSH for uploads if available. View your source code on these pages, and check your database to see if it has been altered in any way. Is it possible that these are files that you have worked on or uploaded?

[madstarr]

Thank you for your suggestions. I am positive these are not files that i have worked on. They get changed several times a day and it is always the index files in each folder.

I will again change all my passwords and admin folder name, just as a precaution as i have already done that several times. I just have two questions about what else you wrote.

1> login via https - by this do you mean just enter the url to the admin page with a https: when i login or is there settings in configuration that should be changed. I have a sec certificate that i believe is protecting (?) the site. ;or are there changes that need to be changed to the configuration files.

2. what is SSH for uploads?

 

Please excuse my ignorance. I have learned a ton but am still learning. Thanks for all your help

[Guest]

If you use Windows you can google and download WinSCP for SSH

[JR Sales Company]

Thank you for your suggestions. I am positive these are not files that i have worked on. They get changed several times a day and it is always the index files in each folder.

I will again change all my passwords and admin folder name, just as a precaution as i have already done that several times. I just have two questions about what else you wrote.

1> login via https - by this do you mean just enter the url to the admin page with a https: when i login or is there settings in configuration that should be changed. I have a sec certificate that i believe is protecting (?) the site. ;or are there changes that need to be changed to the configuration files.

2. what is SSH for uploads?

 

Please excuse my ignorance. I have learned a ton but am still learning. Thanks for all your help

Sorry for delay.

 

1. Yes, I would login via https://yourwebsite.com/youradmin This will use server encryption on both logins, cutting down on the chance of your passwords being intercepted. Make sure ssl is set to 'true' and path is set in your admin/includes/configure.php

 

2. SSH=Secure Shell. Basically encrypts your uploads to the server. Check with your host as to whether they need to enable it on your server. Also, there are many FTP clients that are SSH capable. You can Google for one, as mentioned above.