Since I got helped several times by you guys, I thought I'd drop by and share one piece of information that might help some of you keep safe
I developped a php script that basically crawls any given folder on a website and then stores within a text file an "ID" of this folder. Based on this ID and past ones, the script can say:
- which files have changed since last ID was created (based on filesize and/or sha512 signatures of all files)
- which files permissions have been changed since last ID was created
You can also compare various ID's created at different times.
1) This "check" might seem very simplistic (it is) but it allowed me to root out 2 trojan infections in just a few minutes
2) I plan to add various features in the near future (scanning for dangerous strings and functions, auto-detecting variables that were not sanitized / suspicious outbound links, etc ...)
The purpose of such a script is to assist me in detecting malicious additions to my phpbb source code (and other proprietary code developped by myself).
If some of you are interested by such an add-on then I can upload it to one of my websites and share it with the community.