Hi Geoff,
Any of these comparison suggestions are fine, but they miss the point. If
the site is hacked, the hacker can come back every day, or hour, and
reinstall his links. You can be sure he already has an automated process.

You need to find the source of the break-in and then plug it. After that, a
comparison script will be useful to alert you to new problems.

-tom


On Jan 28, 2008 10:32 AM, Nadav Har'El <[EMAIL PROTECTED]> wrote:

> On Mon, Jan 28, 2008, Geoffrey S. Mendelson wrote about "Finding porn
> links in hacked web pages":
> > He is not technically inclined at all, and does not have the ability
> > to check his pages without going to each one in a browser and looking
> > at the page source. He has thousands of pages and runs the site as
> > a Jewish news site, with no income.
> >
> > I was thinking that I could write a program that scans each of his
> > web pages using wget or lynx to download them, but don't want to
> > start writing code if it has been already done.
>
> If this guy is the only one changing his content, what I would do is run
> a trivial script on a remote machine: every day (or whatever) fetch the
> entire content of the site (with wget), compare (with cmp) the new content
> to the previous content, and finally email or SMS this guy the number of
> modified files. If he knows that he modified one page, and got a mail
> saying one page changed, he's safe. If he changed nothing and got a
> message that 100 pages changed, he knows he has a big problem.
> I don't think that "scanning for porn links" will work; how will you know
> that these are porn links? And what will happen the next time his site is
> cracked, and the cracker won't add porn links, but do something else?
>
> During the dot.com boom, I remember an Israeli startup whose business was
> exactly this - noticing that a site has been defaced using remote servers
> which constantly try to download pages from the site and notice if
> something has changed. Unfortunately, I can't recall now the company's name.
>
>
> --
> Nadav Har'El                        |      Monday, Jan 28 2008, 21 Shevat 5768
> [EMAIL PROTECTED]                   |-----------------------------------------
> Phone +972-523-790466, ICQ 13349191 |A messy desk is a sign of a messy mind.
> http://nadav.harel.org.il           |An empty desk is a sign of an empty mind.


-- 
-tom
054-244-8025
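
The daily fetch-and-compare check described in the quoted message, as an added example that is not part of the original thread. The function names, the `prev`/`new` directory layout and the placeholders in the cron comment are assumptions.

```shell
#!/bin/sh
# Added example. Function names and the base/prev, base/new layout are assumptions.

# Mirror the site into DIR (needs network access).
fetch_site() {  # usage: fetch_site URL DIR
    wget --quiet --mirror --no-host-directories --directory-prefix="$2" "$1"
}

# Print "modified added removed" counts between two snapshot directories.
compare_snapshots() {  # usage: compare_snapshots OLD_DIR NEW_DIR
    old=$1 new=$2 modified=0 added=0 removed=0
    list=$(mktemp)
    ( cd "$new" && find . -type f ) > "$list"
    while IFS= read -r f; do
        if [ ! -f "$old/$f" ]; then
            added=$((added + 1))
        elif ! cmp -s "$old/$f" "$new/$f"; then
            modified=$((modified + 1))
        fi
    done < "$list"
    ( cd "$old" && find . -type f ) > "$list"
    while IFS= read -r f; do
        [ -f "$new/$f" ] || removed=$((removed + 1))
    done < "$list"
    rm -f "$list"
    echo "$modified $added $removed"
}

# Compare BASE/new with BASE/prev, rotate, and print the one-line report.
daily_report() {  # usage: daily_report BASE_DIR
    base=$1
    if [ ! -d "$base/prev" ]; then
        mv "$base/new" "$base/prev"
        echo "baseline stored"
        return 0
    fi
    set -- $(compare_snapshots "$base/prev" "$base/new")
    rm -rf "$base/prev"
    mv "$base/new" "$base/prev"
    echo "$1 modified, $2 added, $3 removed"
}

# Daily cron job (SITE_URL, BASE and RCPT are placeholders):
#   fetch_site "$SITE_URL" "$BASE/new" && daily_report "$BASE" | mail -s "site changes" "$RCPT"
```

Pages with generated content such as dates or counters show up as modified on every run.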
