This tool is working straight forward. Server administrator should run the application with the following specific parameters: path to the copy of the web site (source), path to the application directory, path to log directory and few more optional parameters.
This tool compares the source and the destination files, then copies the "defaced" files if any change occurs. The comparison occurs by default every 60 seconds, but can be defined differently.
Developer: Nir Valtman
Blog: http://valtman-nir.blogspot.com
How AntiDef works?This tool compares the source and the destination files, then copies the "defaced" files if any change occurs. The comparison occurs by default every 60 seconds, but can be defined differently.
Developer: Nir Valtman
Blog: http://valtman-nir.blogspot.com
AntiDef compares two directory paths - the web application and its backup foder. Then, it performs hash (MD5 - we need performance) on each file in the folders and a final hash on all hashed files. The final hashes of the source and the destination are compared. If they are different, then defacement is found. In this case, only the defaced files are moved (by default) to pre-defined "Defaced" folder and then replaced by the backup legitimate files. Then "Defaced" folder includes the malicious files, a timestamp of the defacement and a log.
AntiDef compares the two paths above every 60 seconds, but it can be defined differently.
The full manual is described by running the tool without parameters, i.e. java -jar AntiDef.jar
Open source
The tool written in java and it shared in SourceForge as a jar and as a source code. You can use it, open tickets, make it better etc. This tool has been written as "fast-and-dirty", but it works pretty good on files\folders only, meaning that database protection is not supported by this tool.
Source: https://sourceforge.net/projects/antidef/
Post a Comment