SuperScan: Website file change monitoring tool
Core functions:
SuperScan is an upgraded script designed to promptly remind webmasters of any changes to their files, including additions, modifications or deletions. It works by scanning the specified directory and comparing the hash of the current file with the hash value stored in the database that was previously scanned.
Efficient and lightweight:
SuperScan tools are efficient and do not affect server performance. Scanning an account with 1500 files takes about 0.75 seconds. It allows frequent scans without overwhelming the webmaster, only reports changes since the last scan and provides daily summary reports.
Forensic support and security enhancement:
SuperScan also supports forensic investigations, which stores the last modified date and time of the file in the database, as well as the hash value of the most recently scanned. It can run outside of the website space to prevent casual hacks and can even alert webmasters of coding issues by changing the error_log file.
As a certified ethical hacker, I know that prevention is the best strategy to stop hacking, but if a hacker really breaks through the line of defense, the sooner you know, the faster you can take action to limit your losses.
Previously, I introduced a script called hashscan to track website changes. The script executes via daily CRON, reads files in a specified directory (for example, the public_html directory of an account on the server), generates hash values (for files with a specific file extension), and transfers them with previously scanned in the database Compare hash values. This is a great way for website owners to get them to discover files that hackers have added, changed, or deleted in a timely manner.
This article will introduce an updated version of this script called SuperScan.
Advantages of SuperScan:
The main advantage of SuperScan is that it can report any changes to files in your account, whether the file changes are added, changed or deleted. SuperScan was designed to avoid overwhelming website administrators. It only provides reports of changes since the last scan (default is one hour, but can be configured via CRON) and summary reports (default is daily, but can also be configured via CRON).
Since it takes about 0.75 seconds to scan an account with 1500 files, SuperScan can run frequently without affecting server performance.
To support forensic investigations, the file's last modified date and time, as well as the hash value of the most recently scanned (and previous scans of the changed file) are saved in the database.
No need to change the scanner file, as all variables are set in the required configuration script. You can select the specific file extension (or all file extensions) to scan in the configuration script, or if you select all file extensions, you can select the file extension to ignore. In addition, you can specify directories that the scanner will not scan.
While SuperScan files can be tested within the website space, I recommend moving them out of the website space via CRON for production use to prevent casual hacking.
Finally, an additional benefit is that changes to the (no extension) error_log file are captured and can draw the attention of the website administrator to the encoding issues missing during the testing process.
SuperScan Logic:
The logical flow of SuperScan is as follows:
- Read the baseline information of files in the database;
- Scan the system's files and calculate their hash values;
- Compare the baseline file with the current file to determine the changed file to be generated:
- Added file list;
- Changed file list;
- Deleted file list;
- Process each changed file list (update the database);
- Prepare and send a report if needed.
Database, variables and working arrays:
To avoid details here, I have added comments to all scripts.
In short, there are three tables in the database:
- baseline: Contains $file_path, file hash value, and file last modified date and time. I also added an account so that multiple accounts can use a single database;
- history: Record each detected change (or no change) and each scan;
- scanned: Records the scan summary date and time, as well as the number of changes and associated accounts.
Warning #1: I have to emphasize that the $testing variable set by configure.php will trigger a large amount of output, so it can only be used for testing and not during CRON jobs!
Warning #2: Since path/to/file is used as a key, it must be unique. This means multiple accounts can never scan the same file.
Warning #3: Additionally, Windows servers will use backslashes, which will be changed to slashes immediately because they will cause characters in the database to be lost. Additionally, using apostrophes in file names will cause problems with database queries.
Work arrays are designed to take advantage of PHP's functions that access keys ($file_path; this is also a file structure iterator, so never change $iter->key()).
$baseline is read before starting the scan, $current is the result of the scan, and the $added, $altered and $deleted arrays accumulate changes from $baseline and are used to update the $baseline for the next scan.
File:
superscan.zip file contains 7 files:
- CreateTables.sql, can be used to set tables;
- ReadMe.txt, provides an overview of SuperScan scripts;
- scanner.php, scan the script, requires configure.php and scandb.php (connect to your MySQL server and return $scandb handle);
- reporter.php, will provide the summary of the most recently scanned through CRON;
- CRON.txt, provides example CRON directives for scanner.php and reporter.php.
Cleaning:
Create $report when a file change is detected and store and send emails when it is not a "negative report". A summary report is used to get a "warm, vague feeling" when you don't receive a change report.
During the cleaning process, records in the history and scan tables for more than 30 days are automatically cleared to prevent the database from growing infinitely, large arrays are destroyed (reset to empty), and the database is closed.
Summary:
I believe SuperScan has been greatly improved over my previous efforts and is a tool worth upgrading. It can frequently notify changed files, and "negative reporting" won't overwhelm the webmaster with unnecessary "unchanged" notifications.
Download SuperScan code from GitHub
Acknowledgements:
SuperScan was suggested by Han Wechgelaer (NL) who emailed to extend my previous hashscan script to capture history of account file changes, as well as perform more frequent evaluations and add daily summary.
Han was very generous with providing his startup copy on this project, and between us, this evolved into SuperScan. Without Han’s gentle supervision and help, SuperScan would never have started, and of course it would not have become the excellent tool today.
I would love to know how you view this script, or if you have any questions or feedback.
FAQs on detecting hacked files with Cron.php SuperScan:
What is Cron.php SuperScan and how does it work?
Cron.php SuperScan is a powerful tool designed to detect and identify hacked files in the system. It works by scanning system files regularly (usually set by the user) and alerting any suspicious or modified files when they are detected. This tool is especially useful for webmasters and system administrators who need to maintain system security and integrity.
How do I set up Cron.php SuperScan on my system?
Setting up Cron.php SuperScan involves uploading scripts to your server and configuring them to run regularly. This can be done through the server's control panel or through the command line. Once the setup is complete, the script will automatically scan your system files and alert you of any potential threats.
Cron.php What types of files can SuperScan detect?
Cron.php SuperScan detects various file types that are usually associated with hackers. This includes PHP files, HTML files, JavaScript files, and more. It can also detect hidden files and directories that may be used by hackers to unauthorized access to your system.
Cron.php How does SuperScan compare to other file scanning tools?
Cron.php SuperScan provides a more comprehensive and automated solution compared to other file scanning tools. While other tools may require manual scanning and analysis, Cron.php SuperScan automates the process, saving you time and effort. It also provides detailed reports of its results, making it easier for you to identify and address potential threats.
Cron.php Can SuperScan prevent hacking?
While Cron.php SuperScan is an effective tool for detecting hacked files, it does not prevent hackers. Its main function is to alert you of potential threats so that you can take appropriate measures. However, using this tool regularly can help you maintain your system's security and reduce the risk of successful hacking.
How often should I run Cron.php SuperScan?
Scan frequency depends on your specific needs and the level of security required by the system. However, it is generally recommended to run Cron.php SuperScan at least once a day for optimal security.
What should I do if Cron.php SuperScan detects a hacked file?
If Cron.php SuperScan detects a hacked file, action must be taken immediately. This may include deleting files, recovering files from a clean backup, or contacting a cybersecurity professional for further assistance.
Can I customize the settings of Cron.php SuperScan?
Yes, Cron.php SuperScan allows you to customize its settings to suit your specific needs. This includes setting the scan frequency, specifying the file type to scan, and configuring alert notifications.
Is Cron.php SuperScan suitable for all systems?
Cron.php SuperScan is designed to work with most PHP-enabled systems. However, it may be compatible with not all systems, so it is recommended to check system requirements before installation.
Is Cron.php SuperScan free to use?
Cron.php SuperScan is a paid tool, which means it needs to be used for a paid basis. But, given the level of security it offers and the potential cost of a successful hack, it is a worthwhile investment for most businesses and individuals.
The above is the detailed content of Quickly Detect Hacked Files via CRON/PHP: SuperScan. For more information, please follow other related articles on the PHP Chinese website!

The rise of Chinese women's tech power in the field of AI: The story behind Honor's collaboration with DeepSeek women's contribution to the field of technology is becoming increasingly significant. Data from the Ministry of Science and Technology of China shows that the number of female science and technology workers is huge and shows unique social value sensitivity in the development of AI algorithms. This article will focus on Honor mobile phones and explore the strength of the female team behind it being the first to connect to the DeepSeek big model, showing how they can promote technological progress and reshape the value coordinate system of technological development. On February 8, 2024, Honor officially launched the DeepSeek-R1 full-blood version big model, becoming the first manufacturer in the Android camp to connect to DeepSeek, arousing enthusiastic response from users. Behind this success, female team members are making product decisions, technical breakthroughs and users

DeepSeek released a technical article on Zhihu, introducing its DeepSeek-V3/R1 inference system in detail, and disclosed key financial data for the first time, which attracted industry attention. The article shows that the system's daily cost profit margin is as high as 545%, setting a new high in global AI big model profit. DeepSeek's low-cost strategy gives it an advantage in market competition. The cost of its model training is only 1%-5% of similar products, and the cost of V3 model training is only US$5.576 million, far lower than that of its competitors. Meanwhile, R1's API pricing is only 1/7 to 1/2 of OpenAIo3-mini. These data prove the commercial feasibility of the DeepSeek technology route and also establish the efficient profitability of AI models.

Midea will soon release its first air conditioner equipped with a DeepSeek big model - Midea fresh and clean air machine T6. The press conference is scheduled to be held at 1:30 pm on March 1. This air conditioner is equipped with an advanced air intelligent driving system, which can intelligently adjust parameters such as temperature, humidity and wind speed according to the environment. More importantly, it integrates the DeepSeek big model and supports more than 400,000 AI voice commands. Midea's move has caused heated discussions in the industry, and is particularly concerned about the significance of combining white goods and large models. Unlike the simple temperature settings of traditional air conditioners, Midea fresh and clean air machine T6 can understand more complex and vague instructions and intelligently adjust humidity according to the home environment, significantly improving the user experience.

Website construction is just the first step: the importance of SEO and backlinks Building a website is just the first step to converting it into a valuable marketing asset. You need to do SEO optimization to improve the visibility of your website in search engines and attract potential customers. Backlinks are the key to improving your website rankings, and it shows Google and other search engines the authority and credibility of your website. Not all backlinks are beneficial: Identify and avoid harmful links Not all backlinks are beneficial. Harmful links can harm your ranking. Excellent free backlink checking tool monitors the source of links to your website and reminds you of harmful links. In addition, you can also analyze your competitors’ link strategies and learn from them. Free backlink checking tool: Your SEO intelligence officer

DeepSeek-R1 empowers Baidu Library and Netdisk: The perfect integration of deep thinking and action has quickly integrated into many platforms in just one month. With its bold strategic layout, Baidu integrates DeepSeek as a third-party model partner and integrates it into its ecosystem, which marks a major progress in its "big model search" ecological strategy. Baidu Search and Wenxin Intelligent Intelligent Platform are the first to connect to the deep search functions of DeepSeek and Wenxin big models, providing users with a free AI search experience. At the same time, the classic slogan of "You will know when you go to Baidu", and the new version of Baidu APP also integrates the capabilities of Wenxin's big model and DeepSeek, launching "AI search" and "wide network information refinement"

This Go-based network vulnerability scanner efficiently identifies potential security weaknesses. It leverages Go's concurrency features for speed and includes service detection and vulnerability matching. Let's explore its capabilities and ethical

AI Prompt Engineering for Code Generation: A Developer's Guide The landscape of code development is poised for a significant shift. Mastering Large Language Models (LLMs) and prompt engineering will be crucial for developers in the coming years. Th


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

AI Hentai Generator
Generate AI Hentai for free.

Hot Article

Hot Tools

Atom editor mac version download
The most popular open source editor

Dreamweaver Mac version
Visual web development tools

VSCode Windows 64-bit Download
A free and powerful IDE editor launched by Microsoft

SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.

EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function