Script Checker - Verify scripts on a website against hacking

Make sure that scripts on your website are not hacked - GPL 3.0 license

Script Checker compares all the scripts on a website with their original code on a local source directory. And it can find also obtrusive scripts added on the site by hackers.

It is completed by a public domain script that displays the list of last modified scripts.

How the program works

The program scans both a local directory and the content of your website in FTP mode, so without running the scripts on the site.
It does compare scripts line by line, (ignoring the end of line code that differs on different operating systems) and detects modified code.
The scheck.log file is created to show details of the operations, including obtrusive scripts found.

Using the script

It runs from the command line, in a so-called "DOS" window.
Type:

php scheck.php [options] -llogin -ppassword source ftpaddress

Required arguments:

If these arguments are omitted you will be prompted to enter them at runtime:

-l your ftp login.

-p your ftp password.

source: the local directory holding original scripts.

ftpaddress: ftp address of your site in the form: ftp.scriptol.com.

Optional parameters

If these arguments are omitted, default values will be used:

-v verbose mode, more details displayed, default is false.

-q quiet mode, default is false.

-d followed by a directory name. Subdirectory that is the root of the hosting. Generally "www". Default none.

It is recommended that you create a batch file. This is a text file containing the command with a BAT extension. It will be executed as a program.

What the script displays

The list of scripts. Each filename is followed by OK when it matches the remote file. Otherwise it is followed by DIFFER.
The UNKNOWN message followed by a distant filename is displayed when an obtrusive file is found.

At the end of the processing, the script displays the number of files compared, the number of files that differ and the number of obtrusive files.

What if a hacking is found?

Download the suspicious files into a temporary directory and verify their content. If some code was added that is not in the original scripts, change your password for the FTP connection. And verify all the original scripts for security fault, for example includes or parameters not strictly checked.

Versions

Downloading, and content of the archive

The archive contains the PHP executable script scheck.php, the required libraries, and the source code in Scriptol programming language.


Download Script Checker

This script compares files on the site with the original local source.

Download CheckHack

Displays the list of files modified on a website or a subdirectory for n days.

Script Checker is under GPL 3.0 license.