My website has a search feature which is powered by PHP and MySQL; all searches are then recorded in a text file for analysis. I found that there were a lot of SQL injection attacks within my log files. I can’t actually see any damage to my website or database, but I can’t be 100% sure. I was wondering if there are any tools, ideally free ones, which I can use to check the integrity of my files and/or database.
There isn’t anything I’m aware of that can suit everyone’s custom app – how would it know what should be in the database and what should not be in the database?
That said, you have a vector to walk down – check out the injections and figure out what they would be doing to your table and then you can probably narrow it down to a small enough sample to be manageable.
Well the file structure doesn’t change, so it would be possible to hash all the files and monitor for changes, I’m just wondering if there are any tools already made for this purpose? As for the database, I will have to have a re-think.
I just answered something like this yesterday and responded with a file_hash() and recording all executable scripts to a database to check the hashes daily (via CRON). You can write your own script very easily (it has been some time but I believe it took me about a half hour with testing) and then generate the CRON to run your script (preferably from a non-webspace location) frequently (and with a last run field so you know no one else has hacked into your system and run the “update the hash” script to hide their mucking about).
BTW, files don’t have to be added or deleted; they can easily be modified by a hacker to include (Java)scripts to perform their malevolence. That’s why I said executable files, e.g., php, html and js come immediately to mind.
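A sketch of the hash-and-compare job described in the replies above, added here as an illustration and not code from anyone in the thread. It is written in Python rather than PHP and keeps the baseline in a JSON file instead of a database table. The function names, the JSON layout and the `--init` flag are assumptions made for this example.

```python
import hashlib, json, os, sys, time

# Extensions named in the thread as executable content; adjust for your site.
WATCHED_EXT = {".php", ".html", ".js"}

def snapshot(web_root):
    """Map each watched file (path relative to web_root) to its SHA-256."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in WATCHED_EXT:
                continue
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            hashes[os.path.relpath(full, web_root)] = digest.hexdigest()
    return hashes

def write_baseline(web_root, baseline_path):
    """Record known-good hashes plus the time the baseline was taken."""
    data = {"generated": int(time.time()), "files": snapshot(web_root)}
    with open(baseline_path, "w") as fh:
        json.dump(data, fh, indent=2, sort_keys=True)
    return data

def check(web_root, baseline_path):
    """Compare the current tree with the baseline and list every difference."""
    with open(baseline_path) as fh:
        base = json.load(fh)
    old, new = base["files"], snapshot(web_root)
    return {
        # The "last run" field: a timestamp you did not set means the
        # baseline was regenerated by someone else.
        "baseline_generated": base["generated"],
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }

if __name__ == "__main__":
    # Cron usage (assumed): integrity.py <web_root> <baseline.json> [--init]
    root, baseline = sys.argv[1], sys.argv[2]
    if "--init" in sys.argv[3:]:
        write_baseline(root, baseline)
    else:
        report = check(root, baseline)
        print(json.dumps(report, indent=2))
        sys.exit(1 if report["added"] or report["removed"] or report["modified"] else 0)
```

Keep both the script and the baseline file outside the web root, and compare `baseline_generated` with the time you last ran `--init` yourself.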