Difference between revisions of "Integrity Check"

From Contao Community Documentation

(Creating integrity check)
Line 60: Line 60:
 
The integrity check need a check plan. This can be used for any of the files for the time, the art of check and the action.<br />
 
The integrity check need a check plan. This can be used for any of the files for the time, the art of check and the action.<br />
  
[[File:Example.jpg]]
+
[[File:check_plan_en.jpg]]
  
 
===Time intervals===
 
===Time intervals===

Revision as of 12:37, 16 August 2012

I'm not a native English speaker. Please correct my mistakes.

Integrity Check
Integrity check for some files from Contao (Detection of hacked Contao installations.)


Extension-Overview
Name of the developer Glen Langer (BugBuster)
Developer Website http://www.contao.glen-langer.de
Version of the extension 1.0.0 rc1
Compatibility with Contao Version ab 2.10.0
Link to Extension Repository http://www.contao.org/en/extension-list/view/integrity_check.en.html
Link to Tracker https://github.com/BugBuster1701/integrity_check/issues

In Contao Forum, reports came about changed files, which malicious code was attached.
The problem itself can not be attributed to a vulnerability in Contao, but will be distributed over other ways of the server, eg vulnerable WP plugins, hacked servers, hacked FTP logins, etc.

Forum

Questions about the Bot Detection module will be answered in Forum
Errors and requests can be reported in the Issue Tracker.

Installation

The installation of the module occurs about the extension Repository in back end of Contao.
A manual installation is possible. Download the ZIP file from Extension Repository, unzip and transfer it.
A directory should have been created "/system/modules/integrity_check".
Then call /contao/install.php - Perform Update Database.

Example of an Infection

How now looks like such a hack?
The attachment to the file index.php looked like this (shortened):

#c3284d#
echo(gzinflate(base64_decode("ZZBNisMwDIX.......T7oD")));
#/c3284d#

Function of the module

In the current version, the three most important PHP files are checked for modifications.
This files will be checked:

  • index.php
  • contao/index.php
  • contao/main.php

Time of verification

This test is performed automatically. (Contao-Cron)

Detection

The check is identical to the official Contao check tool, that means via MD5 checksums. Checksums are available for comparison for Contao from 2.10.0.

Using

In the backend, you can see the results: System - System Log. Normally, if everything is OK, there appears only one message:

  • Checking files for integrity is completed.

If modifications were detected, a message is generated for each file:

  • Integrity status for file index.php is: Corrupt

An information by mail is possible, see the section Mail_to_Admin.

Technical Details

Creating integrity check

The integrity check need a check plan. This can be used for any of the files for the time, the art of check and the action.

Check plan en.jpg

Time intervals

  • in Contao 2.10: daily, weekly, monthly
  • in Contao 2.11: hourly, daily, weekly, monthly
  • in Contao 3.0*: minutely, hourly, daily, weekly, monthly
*Contao 3.0 Version still in development

Mail to Admin

It is possible to send a mail to the Admin of the installation. In the localconfig.php the following line is appended at the end of the file:

$GLOBALS['TL_CONFIG']['mod_integrity_check']['send_email_to_admin'] = true;

Debug Modus

Normally, the module sends only a "finished" message in the system log. Will you see what files have been checked, you can switched on the module's debug mode. In the localconfig.php the following line is appended at the end of the file::

$GLOBALS['TL_CONFIG']['mod_integrity_check']['debug'] = true;

Protection against infection

Well, a general protection is probably not possible.
But there is a possibility that the malicious code is not executed. There is a ticket to GitHub, it is accepted for Contao 3. Here is the short info for Contao 2.
Edit the index.php, go to the method "run" in the last line, should be the line of 269th (2.11.5) Before the curly bracket insert an exit; or insert a row for it. Here is from line 268 as an example:

        }
    }

change to:

        }
        exit;
    }

Note: Now is the Integrity Check Tool, as well as the Contao Check Tool to report a change.



--BugBuster 14:14, 2 August 2012 (CEST)

Views
Personal tools

Contao Community Documentation

In other languages
Navigation
Discover
Understand
Enhance
Miscellaneous
Tools