W.O.P.R STORM monitor - how to find intruders

Protect your website by monitoring your content.

This is a set of tools and utilities to monitor, and discover unauthorized intrusion of your website. It's a kind of Intrusion Detection System for webservers.

GOTO: Understand your Enemy, or - Rationale

Get an Overview of the monitor concept.

Contents monitoring

Discover use as placeholder for malware files.(Description in pipeline)
Discover use as redirection to malware files.(Description in pipeline)
Files - .exe, .js , .htaccess etc.(production ready)
MS SQLServer database.(production ready)

The Serverside tools

ASP driven websites.(production ready)
- Monitor - ASP The serverside ASP file, which is used by the Monitor for ASP systems, Description here
- Monitor - ASP/md5 Include file to the serverside ASP file.
- Monitor - TEST/asp A testform to verify the serverside ASP file.
PHP driven websites.(production ready)
- Monitor - PHP The serverside PHP file, which is used by the Monitor for PHP systems, Description here
- Monitor - TEST/php A testform to verify the serverside PHP file.
ASP/MS SQLServer sites.
- 3 steps to install the table and functions/triggers
- Monitor - ASP/SQL Description here
mySQL.(NOT in pipeline p.t.)
- Should be possible to make with newer versions of mySQL
Oracle.(NOT in pipeline p.t.)
- Should be no problem.
postgreSQL.(NOT in pipeline p.t.)
- Should be no problem.

SQLite - getting and setting up

GOTO: SQLite installation and setup.

Clientside Monitor/probe

The ini file common(allmost) to both Windows and Linux.
Download and install the Native windows service.
Download and install the Linux(x86) daemon or console.
Linux/WmWare(Description in pipeline)

About SQL Injection (finding & removing), may - aug 2008

How it's done, how we can find it, and eventually how to remove it. Index of the SQL injections