
22 comments found.
Nice start! Do you know when you will have exclude and shell scanner features added? GLWS!
The next update will have excludes by directory and file type, as well as an updated dashboard interface and some extra settings + features. Hopefully it will also include a basic shell scanner, and should be done within the next couple of weeks!
Thanks!
Great! Please let me know when you have added all those features and I will buy it. Thanks.
Sure! I’ll be including many more things, so stay tuned
Hello my friend. What happened to those “many more things” you said (4 months ago) you will be adding/including!?
Hello, There have been some updates already for general usability and customisation. The shell scanner is also completed, which was a very large job, and I’ve also made some big changes to the way the item works. I need to iron out a few small bugs and an update will be ready!
Furthermore, you can also check out the Wordpress plugin version which I have just released if you check my portfolio! If you have any more questions, please feel free to ask.
Hey there, I have just uploaded the update, including the file & code scanner, and it’s awaiting approval! Feel free to check it out using the Live Preview link.
Do you have a screenshot of what the emails look like. Also is there any issues with running this on very large accounts that contain 20+ sites in which I would load the files in the main root to monitor all sites/directors on my hosting account?
In the current version the email notification simply tells you that something has changed, but I have already coded and implemented an updated function to tell you exactly which files and directories have any issues for the next version. If you would still like to see a screenshot of this, please use the PM function to message me and I will send you an image ASAP.
In regards to running Verifile at the root level, there are no issues, so long as the account you use to upload & run the application has sufficient permissions to access the directories and files required. Furthermore, there is no limit to how many directories and/or files you can scan, I have successfully tested with over 1000 files and everything worked perfectly.
I’m constantly working on and updating Verifile, with the next update including the email layout, bug fixes, optimisation and general error prevention ready to release during this coming week.
If you have any more questions, please feel free to ask me!
Thank you for your prompt reply. So my understanding is that it doesn’t send an email with changes, as of yet, but I would log in if any changes are found in which my dashboard would show all files that have been: Added, Deleted or Changed? I searched for “File monitoring” last night and didn’t see this script but instead found another which I promptly purchased and since then it has failed miserably. Thanks!
Currently the system does email you with an alert that something has been changed as soon as it finds it, but you have to access your dashboard to see details of what happened. Furthermore, scanning can be setup to be completely automated, running every X hours, minutes or seconds depending on what you specify, and alerting you whenever it detects a new or edited file.
Deleted files were purposefully not included as during the testing stage my beta testers indicated that notifications for files they had deleted were more of a nuisance than a benefit. Now that I have also added a Settings page, I would be more than happy to also include an option to enable/disable this feature if you require it.
I can’t comment on other people’s products, but I can assure you Verifile does everything it says on the box and more! If for some reason it doesn’t, I provide extensive support via email to ensure it does!
Thank you. I would have to agree after about the deleted files being a nuisance. A free script I have used for years, which finally stopped working, only emailed me changes which I didn’t mind seeing any deleted files. I just always expected to see an email when upgrading my sites. I do think it would be troublesome from a dashboard prospective. Thank you all your lengthy and detailed Information.
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-62695751-1', 'auto');
ga('send', 'pageview');
</script>
Features: Automated background scanning (yes, that’s true…)
Hello, this is standard Google Analytics code that were in the demo in order to view basic page view information. It was not supposed to be in the final code. There are no issues with data protection and/or privacy, as it doesn’t report on any of the content held within the page. Please feel free to remove it or use the updated code when it’s verified. Thanks for pointing this out!
Hi there, I sent you an email. Please check it out and let me know Thank you.
Hey! Please check your spam folder, I sent a reply a couple of hours ago! I’ll re-send the email now
Hello! Dear tech support, prompt, the system can be installed only in the directory where it is necessary to monitor changes? Is it possible that the system was installed on a subdomain and was controlled by changing the domain name?
Hello, If the two domains are on the same server, this should be absolutely fine. As you can define the full server path, for example: /var/www/domain/public_html, the path to your subdomain could be /var/www/subdomain/public_html.
So, in summary, if the two domains are on the same server, then yes you can do this! If you have any other questions, please feel free to ask, and I hope I could be of help today!
Thanks for the reply! Set. But the system as it partially works, reads all the folders in the category only the first 4, and if you try to change files in these 4 controlled files, the system sees that the file has been modified, but does not show the line.
the system does not have enough time to scan all the folders
Would you please email me using either the PM tool, or at the email address you can find in the help documentation file with a screenshot of your problem and I’ll try and get it sorted as soon as possible!
OK.
Sent a letter
Just saw it, sending a reply now! Please check your spam folder in 20 – 30 minutes if you haven’t received anything!
I uploaded the files to the server, then when i go to the site it’s a blank page not installation page or anything. How do i fix this?
Hello,
Once you’ve uploaded the files please go to the directory you uploaded them to, and add install.php on the end of the link. e.g. example.com/verifile/install.php
Do I have to add cronCheck.php to cron jobs ? Documentation do not mention it.
Yes that is correct!
Thanks.
Hello I bought verifile, but I can not make it to work. I did like in the documentation, but it keep loading very hard – it took 3-4 minutes untill the dashboard, and I don’t receive any emails. I did: - delete a folder and file - upload a folder and file - edit a file
And many other operations, but ..I don’t get any email telling me that something changed.
Beside, the customer support is zero. I get no answer, a few days already. Please assist Thank you
Hello, We aim to reply within 24 hours, and your issue is currently being worked on by one of our support team members. There are some options that need enabling in the settings page in order to automatically receive emails, and also improve loading times. Sorry for the delay, and I hope your issue is resolved soon!
So, I wait now, or is there anything that I need to do?
Hello,
You should have received an email by now, if it is not in your inbox please check your spam folder.
I have no emails. I check all my folders.
I wrote you an email to a**b@pr*fresh.net Please verify it.
Hello, I believe you may be having some issues on your side, as I have also used another email account and Envato’s PM system to try and get into contact with you! Also, I am receiving your emails!
I havent receive anything. My email works fine. Please help me with this to make it work… Thank you Try to my other email: ride2esc [@] yahoo.com
I’ve re-sent the email to your two email addresses, and via the comment section. If this doesn’t work I’ll contact envato to handle a refund.
Hi; The folders added to the list scanned recursively? And where/how does it keep the settings and scan results? A mysql db or flatfiles? Hope flat files in sense of backup/restore easily.
Hi there, Yes, they are added recursively – you specify one directory and everything inside of it is scanned. Flat files would be ideal for a small database, but most of the users are scanning over 1000 files, making them very inefficient as the entire database needs to be loaded into your server’s memory each time. The previous versions of Verifile implemented a form of flat file database, and it was the root of a lot of problems!
Through my personal experience MySQL (Verifile uses PDO) is very easy to manage in terms of backing up, restoring & updating, especially as it allows you to keep your database intact when updating the script.
If you have any more questions, please do not hesitate to ask!
Thanks for your detailed reply. After your reply I login to check in detail and realized one issue. The new added or modified files (files of risk) doesn’t have any information. No path, no option to delete them directly etc. The interface is charmy but maybe it can be better to list them as classical rows with their path and option to delete
all bests
There is a button at the bottom you can click that goes to a page, which shows you an in-depth analysis of the file. It is explained in the documentation, but it isn’t too obvious – something that will be changed in the next update. In terms of deleting the file, a feature such as that requires a huge amount of security & accuracy testing in order to ensure it works correctly, so we decided to keep it for the next update too. The “Scan Results” page will be focused on heavily, as the main focus for this update was the dashboard page as well as the general GUI & UX. Thank you for your great insight, comments like this are exactly what helps make Verifile an even better product!
I checked the link, now I realized about it
It’s fine to see detailed report about infected files, but doesn’t cover the vital needs.
Actually; There are tons of bloatware and subscription services for newbies. Automated stuffs. But real sense of security is a bit different. Nice that you are offering a self managed script. But also seems to offer some fancy stuff. What I can say is, no need to follow their ways. Doing the best in this field is so easy.
There is no software on planet earth can report about malwares accurately relying on signature patterns or heuristic (code analysis) scan. If somebody can intrude my servers, means he/she is not a newbie and absolutely will not use a script with a known pattern.
The only (known) aproach can promise nearly %100 over files security is filesystem monitoring. As your software but it needs to report about;- Any new file
- Any modified file
- Any deleted file (because they can delete files to break security mechanisms)
- New files path and creation date/time
- Modified files path and modify date/time
- Deleted files path (where they should be)
This is the minimum aproach for the needs.
Right closed to the minimum need is the option to delete files. It’s just a command and a button assigned to it. Dont think that you will need to deal with tons of security measures. Securing a website with chmod’s is actually dead since new scripts are made of thousands of files and a few hundreds of directories. Just rely on suPHP, delete means simply delete
- After a server breached and become accessible, sure they can modify the security scripts to become useless. Or better than it, they can modify code to report server as clean.
- But nobody will spent time to do those since nearly all the software vendors do the same mistake. Mistake? To keep the scan logs in the same server they want to protect. So, since you have a file access, just add a line to current files list and declerate your mailicious shell like it already exists (like not new)
- Scanning a server will cause a terrible disk IO bottleneck, obvious. But nice part is disk IO’s are not densitively monitored by datacenters. Rather they follow up CPU & RAM. But this is the case between you and datacenter if you are on a shared hosting. VPS, Dedicated no matter at all. But perfomance is an issue expecially on a fileserver and the security software must to let user to create some proflies and run them seperately. Not a scan button which will start to read all file system until a possible execution timeout or several minutes of disk bottleneck.
- CPU usage. Well it sounds as “trivial” for a hash algoritm. But when it comes to server management, trivial is also something. There is a mis-understanding on security levels of hash algorithms. All those depending on different fields of usage. For example MD5 is not a safe algoritm for cryptographical communication, since it can have collisions. Collision is not something you can face on file monitoring. It is something you need a few of supercomputers and a plenty of time to cath one. After you can abuse it on a encrypted communication. But not on a file monitor. No no no…
So, if you used SHA like many new scripts (making the same mistake), suggest to turn back to MD5 since it’s weak points are not a mater for an integrity checker. Nobody on planet can invest million dolars and maybe a year to just find a collusion between a legit file and a shell. With that investment you can simply buy all the websites you decided to hack
- Keep it in a centralized place to scan files out of it’s area. Like to keep it in a maindomain.com and be able to scan mysite.com myblog.org from there.
How:Simple, get the FTP datas of the sites to scan, upload the scanner and command it to run, after scan finishes, scanner will command back to mainserver to take scanlogs from there and even delete the scanlogs and scanner script from destination. I’m densitively busy over security infrastructures. What I can say is, this is the easiest way to overcome all risks. And I’m not a programmer but what I know so far is; Just give me an optimized code of scanner, I can code the the FTP send, scan and take back part easily. And sure without using a framework. They are killer of security
Doing this aproach is not a big deal, really.
And a few additional suggestions; Let me share you a few samples which I’m not interested due to lacking points.
SSAM: http://goo.gl/oLhYPc
Pros: Access over FTP and even multisite.Some extra options etc.
Cons: Try to scan over FTP also (as far as I see). And usage (not interface) so complicated. Jumping from a screen to other with bugs. Uses MySql for nothing (just for a kilobyte of settings)
PbMonitor: http://goo.gl/9DFKAb
(Former codecanyon item. But no more in sales and author is not accessible)
Pros: Except of FTP access and delete option, have everything in need. Good options and useful interface. A good example of a file monitor. FTP no matter for me, I can reach all accounts centralized, but for shared host users it is not possible.
Cons: No FTP, no author around, no more in codecanyon. Looks like what there is left is just it’s demo
SuperScan: http://goo.gl/FsA5Kr (didn’t tested yet)
And some other can be used with parameters but functions so limited 1. http://goo.gl/xiSeO6 2. http://goo.gl/JHK72g 3. http://goo.gl/GNE68W
Finally, I didn’t include here any executable based softwares. What we discuss in here are the scrips. And what is useful and portable are also scripts.
All bests
Once again, thank you very much for taking the time to write such a detailed comment! You raise some very interesting and valid points. The “virus” (web shell) scanner simply handles the well known threats, that most low level attackers would use, such as C99/C100, r57 etc. I could have created a much bigger database, but as you said, there would be no point in that as unknown shells would not appear.
So the other option is filesystem monitoring – a great alternative, but very resource intensive. Currently the system reports on new, modified and dangerous files. In the past, it reported on deleted files too, however this was more of a nuisance to most users than a positive feature. The difficulty is creating a system that can scan on a very regular basis without making a noticeable impact on the speed of a client’s server. Currently the Verifile team is looking into a way of doing this, which should be included in the next update. In terms of deletion security, what I was trying to say is that I don’t want to give a malicious user a way to wipe out files using my script! Due to this, a lot of in-depth testing needs to occur!
In regards to an attacker modifying the script – you have much bigger problems than this not working if they’re advanced enough to be able to re-code it and modify the scan results! More than likely the attacker will be extremely capable, with a lot of resources at their disposal.
Your proposed FTP feature is a great idea – please feel free to contact me via the contact form on my profile if you would like to discuss it further! You have to keep in mind this script is still in it’s early stages. I’m finally happy with how it looks, but I have so many features I want to include that I simply have not had the time to implement yet! Over the next coming months, I will be rolling out what I believe to be some features that will make Verifile the industry’s leader!
Again, thank you for taking the time and effort to give me your input, it’s extremely valuable to hear other people’s opinions, and it really helps me understand what changes need to be made!
Hello. Does this plugin detect or clean malicious code that can possibly be inside any of the website files, even those before the install of your plugin?
Hi there!
The plugin actively scans whatever files are currently in the directories you want to monitor. This includes anything uploaded before the plugin was installed, as well as anything else that is uploaded at a later stage. If you have any more questions, please do not hesitate to ask!
Hello
I have reinstalled the latest version. I am getting message inside the dashboard: The following directories can’t be scanned:
I suppose where the problem is, but need a confirmation from the author:
Does verifile needs to be installed individually for each virtual host on my server or can it check all virtualhosts on the server? since all virtualhosts have their separate folders.
Please confirm
Hi there,
You are correct in assuming that it is a problem with the virtual hosts. If the user that has ownership over the files (usually the user you uploaded the files with) does not have the high enough permissions, then Verifile cannot scan the directory you specified. One way to solve the issue would be to have a separate installation for each virtual host, but it is not necessary.
If you have the technical knowledge, re-uploading the files with a user that has higher permissions and can access all of the directories on your server (e.g. root) should solve this problem. For specific details or more in-depth help, please send me a private message and I’ll be happy to help further!
okay! the directories have been accepted now. Exactly, it was the user type which solved the issue.
The question now is: 1. Do i have to physically run scans or they will be performed automatically or is the app watching all the time for any kind of changes happening inside the directories?
2. Also, I understand that the app scans for all level of lower directories withing the main selected directory to scan?
Hello,
In regards to your questions, you can do both! There is an option on the dashboard to run a scan whenever you want, and there is also an automated system that can be setup with CRON jobs. There is a basic explanation in the documentation on how to do this, but if you need any help with the process please let me know! You are also correct in assuming that any lower directories are also scanned. If you have any more questions, please do not hesitate to ask!
Thanks for the response. 2 more questions:
1. Why do i always see on the dashboard: “Last Scan 01/01/1970 00:00:00”
2. Upon running the scan i don’t get any notification – scan completed or finished for eg. and inside the scan reports screen always shows “No infected or unknown files found!”
Hi again,
The first issue is caused because the scan is not being completed. Please ensure you are not leaving the page before you receive a message notifying you the scan has finished. The second issue is due to the first problem – if the scan is not completed there won’t be any results!
Hi your script look great, are you planning to add new update soon? also are you planning to add XSS/SQLi protection or more security modules? regards.
Hi there, we’re currently finalising an API system for a whole range of new features, so this one is taking quite a while! This script aims to monitor and secure your server environment, and so does not actively interact with your files in that way. Although SQLi / XSS protection is not going to be featured in the next update, I can discuss it with the team and update you! The next update will focus on making it much easier for a novice user to identify threats, as well as file submissions and updates to make the script even more automated. If you have any more questions, please feel free to ask!
Ok great to know that, so there will be more updates, thats great, yeah this script seems great to protect Wordpress it get hacked all the time with new files, so this script works with all php script right?
Yes that is correct, we also have a plugin specifically made for Wordpress, however that has not been updated to the latest version just yet. Once this next update is implemented, we will be concentrating on the plugin version!
I send you an email, need help with the script, I got some warning after install
Hello, I just took a look at your setup, and the issue was that the user you uploaded the files to your server with did not have permission to scan the directory you wanted! If you need help with changing the file permissions, please email me again and I will provide all the support I can!
Ok I see, well I try with the main public_html but the same, I got the warning in the dashboard, can you please try to configure it with another folder and try if works, I miss something on how to configure it, that domain was hacked with some infected files it was wordpress, but the host provider quarentine all, so I restore the files and need to scan to see which files are infected, regards
I’ve now added a second directory – the issue was the user’s permissions again. If you have been hacked, I would definitely propose you start fresh again, meaning completely re-install Wordpress and ensure it is up to date, otherwise the hacker can exploit your site in exactly the same way!
Ok I see, so it was permissions, I will install it in another domain to make test, and yes I will start over but I wanted to test your script in this installation to see if it detects the new files that are infected, I will make another test, regards.
Support opencart?
This is a standalone (it runs by itself) script, so yes, although it doesn’t integrate directly into it.
Hi, i cant get your script working, PHP 5.6 tons of error and warnings like this ones:
2017/10/14 18:03:05 [error] 29772#0: *97 FastCGI sent in stderr: “PHP message: PHP Notice: Undefined index: exclude_dirs in /home/xxxx/public_html/verifile/settings.php on line 229” while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: xxxx.com
2017/10/14 18:03:55 [error] 29772#0: *97 FastCGI sent in stderr: “PHP message: PHP Warning: preg_match_all(): Compilation failed: missing ) at offset 15 in /home/xxxx/public_html/verifile/includes/scanner.php on line 31
PHP message: PHP Warning: preg_match_all(): Compilation failed: missing ) at offset 17 in /home/xxxx/public_html/verifile/includes/scanner.php on line 31
2017/10/14 18:03:55 [error] 29772#0: *97 FastCGI sent in stderr: “n failed: missing ) at offset 147 in /home/xxxx/public_html/verifile/includes/scanner.php on line 31
Hi there, can you please send me a message via the PM system with this information?
Warning: Division by zero in D:\www\sec\dashboard.php on line 24
Warning: Division by zero in D:\www\sec\dashboard.php on line 25
Warning: Division by zero in D:\www\sec\dashboard.php on line 26
Hi there, I’m sorry you’re having this issue. Please try and run a scan and see if that solves the problem. If it doesn’t, send me some more information about the server you’re hosting the script on (OS, PHP version & database engine) via PM and I’ll get the issue sorted as soon as possible.
can this script find backdoor code? and check malicious code in the database? what about malicious encrypted code?
There is a database with some well known samples and dangerous code snippets.