Yesterday a friend from this forum let me know that Google was reporting my website as a host for dangerous malware. When I pulled it up in Firefox, sure enough a big red screen warned me that I shouldn't proceed because the site was known to host viruses and worms. So I downloaded my entire site to a folder and scanned it. Two obfuscated scripts were found in my index.htm file. I compared it with the file I had uploaded some months ago and my version was clean. So someone hacked my service provider and planted malware in my index, the dirty rotten scoundrels. I reupped the clean version of my index, submitted my site to Google for a review, and after the six hours or so it took them to get to it, I got the all clear.
This kind of thing is going to happen from time to time. How to defend against it? Why, aim some PureBasic at it of course:
InitNetwork() ; needed before network commands in older PureBasic versions
Repeat
  If ReceiveHTTPFile("http://www.<mywebsite>.com/index.htm", "d:\index.htm")
    a$ = MD5FileFingerprint("d:\index.htm") ; Downloaded index
    b$ = MD5FileFingerprint("d:\_website\index.htm") ; Original index
    If a$ <> b$ ; live page no longer matches the local original
      If CreateMail(0, "<myemail>@<myhost>.com", "Emergency!")
        SetMailBody(0, "Website index has been attacked !")
        AddMailRecipient(0, "<myemail>@<myhost>.com", #PB_Mail_To)
        Result = SendMail(0, "smtp.<mysmtpserver>.com", 25, 1) ; 1 = send asynchronously
        Repeat ; wait for the asynchronous send to finish or fail
          Progress = MailProgress(0)
          Delay(100)
        Until Progress = #PB_Mail_Finished Or Progress = #PB_Mail_Error
        If Progress = #PB_Mail_Finished
          MessageRequester("Emergency!", "Website index has been attacked! Emails sent.")
        Else
          MessageRequester("Emergency", "Website index has been attacked! Unable to send emails.")
        EndIf
      EndIf
    EndIf
  EndIf
  Delay(1000*60*10) ; 10 minutes
ForEver
This runs continuously (actually a more sophisticated version with a systray icon and health check info, but this is the basic idea) on my system and now if someone hacks me again I'll know it in 10 minutes, even if I'm not home.
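
The same baseline check as an added Python example (not the poster's code): it uses SHA-256 in place of MD5, treats a failed download as its own state instead of silently skipping it, and reports which lines were injected so the alert can say what changed. The function names, the `suspicious` tag filter and the sample pages are assumptions constructed for illustration.

```python
import difflib
import hashlib
import urllib.request
from typing import Optional

# Constructed sample data: a known-good index and a copy with one injected line.
BASELINE = b"<html>\n<body>\n<h1>Welcome</h1>\n</body>\n</html>\n"
INJECTED = "<script>/* constructed stand-in for an injected script */</script>"
TAMPERED = BASELINE.replace(b"</body>", INJECTED.encode() + b"\n</body>")

def fetch(url: str, timeout: float = 15.0) -> Optional[bytes]:
    """Download the live page; None means the check could not run."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read()
    except OSError:  # URLError and HTTPError are OSError subclasses
        return None

def check_index(baseline: bytes, fetched: Optional[bytes]) -> dict:
    """Compare the fetched page with the local original and describe the change."""
    result = {"status": "clean", "added": [], "removed": [], "suspicious": []}
    if fetched is None:
        result["status"] = "unreachable"  # alert on this too: the check did not run
        return result
    if hashlib.sha256(baseline).digest() == hashlib.sha256(fetched).digest():
        return result
    result["status"] = "modified"
    old = baseline.decode("utf-8", "replace").splitlines()
    new = fetched.decode("utf-8", "replace").splitlines()
    matcher = difflib.SequenceMatcher(a=old, b=new, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("replace", "delete"):
            result["removed"].extend(old[i1:i2])
        if tag in ("replace", "insert"):
            result["added"].extend(new[j1:j2])
    # Added lines that pull in active content are the ones to read first.
    result["suspicious"] = [line for line in result["added"]
                            if "<script" in line.lower() or "<iframe" in line.lower()]
    return result

if __name__ == "__main__":
    # Offline demonstration on the constructed samples; in real use pass
    # fetch("<your site URL>") as the second argument and run on a schedule.
    for name, page in (("clean", BASELINE), ("tampered", TAMPERED), ("down", None)):
        report = check_index(BASELINE, page)
        print(name, report["status"], report["suspicious"])
```

A hash comparison only works for a page the server returns byte-for-byte as uploaded; a page with dynamic content needs the baseline taken from the parts that stay fixed.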