Monitor for Changes: How to Track File Changes for Website Security
WhatsApp: https://wa.me/255693118509
Website: https://www.faulink.com
Introduction
Some of the most common methods hackers use are:
- Modifying files
- Adding malicious code
- Dumping command injections
- Inserting backdoor scripts
If you do not have File Change Monitoring in place, you may only discover an attack after weeks or months.
That is why monitoring for changes is a very important part of Website Security.
1. Why Is Monitoring for Changes Important?
Because:
It shows you any file that has been touched
You know who changed what
You detect backdoors early
You reduce the damage
You stop silent attacks
Examples of files that must be protected:
config.php
.env
index.php
admin/*
includes/*
themes/*
plugins/*
2. Check File Changes Automatically (Linux Servers)
Command to list files changed in the last 24 hours
find /var/www/html -type f -mtime -1
Example: list files changed within the last 60 minutes
find /var/www/html -type f -mmin -60
This reveals when a hacker has modified a file.
3. Monitor Changes with md5 Checksums
You can create a snapshot of the known-good files:
Generate baseline hash
find /var/www/html -type f -exec md5sum {} \; > baseline.md5
Check for changes
md5sum -c baseline.md5
This will show you:
FAILED
OK
Any file marked "FAILED" has been modified.
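Added example (not part of the original article): md5sum -c only checks the files listed in the baseline, so it reports modified or missing files but never a newly created one such as a dropped backdoor script. The sketch below uses sha256sum instead of md5sum and hypothetical function names (make_baseline, compare_baseline, run_demo) to report added, modified and deleted files; the demo tree is constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. make_baseline, compare_baseline
# and run_demo are hypothetical names chosen for this sketch.

# make_baseline DIR OUTFILE: write sorted "sha256  ./path" lines for DIR.
# Keep OUTFILE outside DIR (and outside the web root) so an intruder who can
# write to the site cannot quietly regenerate it.
make_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + ) | sort -k 2 > "$2"
}

# compare_baseline DIR BASELINE: print ADDED/MODIFIED/DELETED lines.
# Returns 0 when nothing changed, 1 when at least one difference was found.
compare_baseline() {
    cb_now=$(mktemp) || return 2
    make_baseline "$1" "$cb_now"
    cb_report=$(awk -v basefile="$2" '
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == basefile { base[path] = hash; next }
        !(path in base)      { print "ADDED " path; next }
        base[path] != hash   { print "MODIFIED " path }
        { seen[path] = 1 }
        END { for (p in base) if (!(p in seen)) print "DELETED " p }
    ' "$2" "$cb_now" | sort)
    rm -f "$cb_now"
    [ -z "$cb_report" ] && return 0
    printf '%s\n' "$cb_report"
    return 1
}

# Constructed demo: a throwaway site where one file is changed, one is
# dropped in and one is removed after the baseline was taken.
run_demo() {
    demo_dir=$(mktemp -d) && demo_base=$(mktemp) || return 2
    mkdir -p "$demo_dir/admin"
    echo '<?php // home'   > "$demo_dir/index.php"
    echo '<?php // config' > "$demo_dir/config.php"
    echo '<?php // panel'  > "$demo_dir/admin/panel.php"
    make_baseline "$demo_dir" "$demo_base"
    echo '<?php // edited' > "$demo_dir/index.php"          # modified
    echo '<?php // new'    > "$demo_dir/admin/backdoor.php" # added
    rm "$demo_dir/config.php"                               # deleted
    compare_baseline "$demo_dir" "$demo_base" && demo_status=0 || demo_status=$?
    rm -rf "$demo_dir" "$demo_base"
    return "$demo_status"
}
```

From cron, run compare_baseline against the site directory and alert when it returns a non-zero status. File names containing backslashes or newlines are escaped by sha256sum and are not handled here.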
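4. PHP Script to Track Changes (Simple Monitor)
<?php
// Directory to inspect (top level only, not recursive).
$directory = "./";
$files = scandir($directory);
foreach ($files as $file) {
    // Build the full path so the check works from any working directory.
    $path = $directory . $file;
    if (is_file($path)) {
        // Print the file name and its last-modified Unix timestamp.
        echo $file . ": " . filemtime($path) . "\n";
    }
}
?>
This script shows the last modified time.
You can set up a cron job for it so that when changes are found, it sends you an email.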
5. Advanced Monitoring Tools (Linux)
- AIDE (Advanced Intrusion Detection Environment)
It is powerful and is used by security admins.
Install AIDE:
sudo apt install aide
Initialize:
sudo aideinit
Check:
sudo aide --check
AIDE shows you any file that was modified, deleted or added.
- inotifywait (Realtime Monitoring)
Install:
sudo apt install inotify-tools
Real-time alert:
inotifywait -m -r /var/www/html
When any file is touched, you will see it live:
MODIFY index.php
CREATE backdoor.php
DELETE config.php
6. Monitor Changes on Shared Hosting (No SSH)
For hosting providers such as:
Hostinger
Namecheap
Bluehost
Afrihost
You cannot use commands, but you can use a PHP File Change Monitor.
Simple PHP Change Detector
<?php
// Folder to scan and the log file that receives one line per file.
$folder = './';
$log = 'changes.log';
// Walk the folder recursively, skipping the "." and ".." entries.
$files = new RecursiveIteratorIterator(
    new RecursiveDirectoryIterator($folder, FilesystemIterator::SKIP_DOTS)
);
foreach ($files as $file) {
    // Skip the log itself so each run does not record its own writes.
    if ($file->isFile() && $file->getFilename() !== $log) {
        $timestamp = date("Y-m-d H:i:s", $file->getMTime());
        file_put_contents($log, $file->getPathname() . " - Modified: " . $timestamp . "\n", FILE_APPEND);
    }
}
?>
You can run it once daily via a Cron Job in cPanel.
7. Monitor Changes Using WordPress Plugins (If WP)
For WordPress, use:
Wordfence
iThemes Security
Sucuri Scanner
These show:
- Files modified
- Files deleted
- Files added
- Malware traces
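8. Notify File Changes by Email (PHP Example)
<?php
$target = "config.php";
// Current last-modified time of the monitored file (Unix timestamp).
$last = filemtime($target);
// First run: store the current time as the reference value.
if (!file_exists("mtime.txt")) {
    file_put_contents("mtime.txt", $last);
}
// Compare the stored time with the current one.
$old = file_get_contents("mtime.txt");
if ($last != $old) {
    mail("admin@example.com", "File Changed", "$target was modified!");
    // Remember the new time so the alert is sent only once per change.
    file_put_contents("mtime.txt", $last);
}
?>
When config.php is touched, you will get an email instantly.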
9. Recommended Folder Structure for Monitoring
project/
│
├── monitor/
│   ├── baseline.md5
│   ├── monitor.php
│   └── log.txt
│
├── config/
├── public/
└── storage/
10. Monitoring Checklist (Ready-to-Use)
Task                               Status
Baseline md5 checksum created      ✔
Cron job monitoring runs daily     ✔
Real-time alerts via inotify       Optional
Sensitive files monitored          ✔
Logs stored securely               ✔
Email alerts configured            Optional
Backup after monitoring            ✔
Conclusion
Monitoring for changes is one of the most important shields in website security.
If you see that a file has changed without authorization, that is a sign of an attack.