SMS alerts when your website is hacked


“The real genius was in the production engineering; the whole thing could be built with standard parts ordered out of Sweet’s Catalogue, with the exception of two three-dimensional cams and one printed circuit.”
The Door Into Summer, Robert A. Heinlein
No, of course I did not have to use Sweet’s catalog or use 3D cams and a printed circuit.

Yes, I did it without spending any money too.

Prologue
I had the unfortunate experience of getting the Tripnaksha website hacked a couple of times earlier. I did trace the problem to a vulnerable Joomla extension and removed it, but the most important thing (apart from putting up strong defenses) is that you are aware of the attack – and as soon as possible. I had been looking for a way to put up an alert system so that I get to know as soon as there is some activity (file edits/mods/deletions) on my server. A little bit of Googling pointed me to a post by Jerod Santo where he explained how git (source control) could be used to send email alerts. This technique has the additional benefit that you will be forced to use source control for your code (which will save your ass on multiple occasions!) and give you a log of all changes, if you are going to release the code.
However, I check email only once in two hours (I consciously try to avoid the urge to be more frequent), and I sleep for 6-7 hrs in the night. What if I got hacked then? So, I wanted to get SMS alerts set up as well. I finally got that done yesterday and today cleaned up the script/workflow and tested it too. Here’s the whole solution.
Solution in 3 steps-
  1. Install git on your server. There are plenty of guides for that – google some or use the link to Jerod’s blog above.
  2. Use the ruby script by Jerod or the shell script (below) I wrote to send you an email as soon as there is a change in the git repository. You should have a mail program installed on your server already – I have sendmail; if you have some other, you will have to modify line no 46. Also modify lines 12 and 14 for the to and from addresses. Since I wanted the alerts to come to my phone as an SMS, I used “git status --porcelain” instead of just “git status” – this gives the summary of changes without any extra information. You can modify this to your needs as well. Here’s what the typical summary looks like (M-modified, D-deleted, ??-new files) –

    M abc.txt
    D parser.py
    ?? config/xya.cfg

    Be sure to run it via a cron job or some other automated process at regular intervals. Mine runs every 10 minutes –

    */10 * * * * /scripts/git_watch.sh /home/public_html/website/ >> /var/log/script_output.log 2>&1

    Shell script to send email when git repo is changed


    #!/usr/bin/env bash
    #--
    # Name : git_watch.sh
    # Author : Ajay Reddy (modified from ruby version by Jerod Santo)
    # Contact : "moc.ahskanpirt@yaja".reverse
    # Date : 2010 October 29
    # About : Check a git repo for changes and email to the provided email
    # address. Parameter - directory to check. Schedule with cron.
    # Inspired from http://blog.jerodsanto.net/2009/05/git-informed-when-your-site-is-hacked/
    #--

    SEND_TO="abc@domain.com"

    FROM="watch@domain.com"
    FROM_ALIAS="Git watch"
    SUBJECT="A repo has changed"
    BODY="A repo has changed"

    if [ $# != 1 ]
    then
        echo "Usage: $0 [path to repo with .git directory]"
        exit 1
    fi

    path=$1

    cd "$path" || exit 1

    if [ -d ".git" ]
    then
        result=$(export PATH=$HOME/git/bin:$HOME/git/lib/libexec/git-core/:$PATH ; git status --porcelain)
        if [[ -z $result ]]
        then
            exit    # working tree is clean, nothing to report
        else
            subject="Repo change : $(echo "$1" | awk -F'/' '{print $4}')"    # 4th path field, e.g. "website"
            message="From: $FROM"$'\n'
            message+="To: $SEND_TO"$'\n'
            message+="Subject: $subject"$'\n'
            message+=$'\n'    # blank line ends the mail headers
            message+="$result"$'\n'
            message+="Repo: $1"$'\n'
            message+="Checked at: $(date)"$'\n'
            message+="Change log: "$'\n\n'

            printf '%s' "$message" | /usr/lib/sendmail -t    # quoted, so newlines and "??" survive intact
        fi
    else
        echo "Sorry, no git repository at $path"
        exit 1
    fi

  3. Setting up SMS alert – Now, I set up the script to send an email to my Gmail address because it is the one I use frequently. Next, I created another email account on Hotmail – Hotmail has a free email-to-sms service in India. I got this tip from a blog. Voila! Whenever there is a change in the repo, the script on the server sends an email to my Gmail account, this gets forwarded to my Hotmail account and further to my cellphone as an SMS. The SMS has the from email address and other stuff, but I still can make some sense out of it as I had removed all the extra info from the git status command.
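
Since the alert ends up as an SMS, the porcelain output can be condensed further before it is mailed. The function below is an added example, not part of the original git_watch.sh: it turns “git status --porcelain” output into one line that fits a single message. The name sms_summary and the 160-character limit are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not part of git_watch.sh): condense `git status --porcelain`
# output into one line short enough for a single SMS.
# Assumptions: the name sms_summary and the 160-character default limit.

SMS_LIMIT=${SMS_LIMIT:-160}

# Reads porcelain v1 lines on stdin: two status characters, a space, the path.
sms_summary() {
    awk -v limit="$SMS_LIMIT" '
    length($0) < 4 { next }                      # skip blank or malformed lines
    {
        code = substr($0, 1, 2)
        if      (code == "??")     kind = "new"
        else if (code == "!!")     kind = "ignored"   # only with --ignored
        else if (index(code, "D")) kind = "deleted"
        else                       kind = "modified"  # M, A, R, C, U
        count[kind]++
        paths[++n] = substr($0, 4)
    }
    END {
        if (n == 0) exit                         # clean tree: print nothing
        out = n " changed:"
        split("modified deleted new ignored", order, " ")
        for (i = 1; i <= 4; i++)
            if (count[order[i]] > 0)
                out = out " " count[order[i]] " " order[i] ","
        sub(/,$/, ";", out)
        # Add paths while the line, plus a "+N more" tail, still fits.
        for (i = 1; i <= n; i++) {
            rest = n - i
            tail = (rest > 0) ? (" +" rest " more") : ""
            if (length(out " " paths[i] tail) > limit) {
                out = out " +" (rest + 1) " more"
                break
            }
            out = out " " paths[i]
        }
        print out
    }'
}

# Constructed sample input (not real output from any site).
printf ' M abc.txt\n D parser.py\n?? config/xya.cfg\n' | sms_summary
```

Pipe “git status --porcelain” into sms_summary and put the result at the top of the mail body. Paths matched by .gitignore do not appear in the status output unless “--ignored” is added, in which case they carry the !! code counted above.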

Your own SMS alert system for free!

Does the quote at the start make sense now?
