Stock Market Game Php Script Checker
You can place the file checker outside the web directory and deny read/write permissions for the account that is running the web server. In other words do not allow the account running the web server to modify the file checker or the expected values for the file(s).
Furthermore, make sure that the account running the web server does not have permissions to change the permissions of the file checker and expected values. You could also do this from a remote machine, which runs the script and has the expected values, using either the Windows administrator shared folders (e.g. PC D$ www file.php), or SSH on a Unix based system. It comes down to permissions, as longest the account running the web server has the least permission required to run, and does not have permission to change the script file and expected values it will not render the file checker useless. If you are interested on a heavy duty file integrity checker, for free, I recommend.
There is a new library I created called stocks.js, it provides an easy to use stock market API that can fetch live stock data (refreshed every minute). The source of the data is Alpha Vantage. An example of usage would be.
If the attacker gets write access to my web folder Then don't store it in your web folder - however what's to stop them modifying files outside what you think of as your web folder? So, how can I check that the file checker script hasn't been altered? It would be trivial to implement a script which is not stored on the target system and send the script over an ssh session - but you are still relying on a lot of the files on the target system. It does make it a bit harder though. You should also be paying at least as much attention to the database of signatures - the attacker doesn't need to modify the code if he can modify the signature database directly - i.e. This definitely shouldn't be held on the remote computer.
You can place the file checker outside the web directory and deny read/write permissions for the account that is running the web server. In other words do not allow the account running the web server to modify the file checker or the expected values for the file(s). Furthermore, make sure that the account running the web server does not have permissions to change the permissions of the file checker and expected values. Movie perang dunia ke 2 turkey.
You could also do this from a remote machine, which runs the script and has the expected values, using either the Windows administrator shared folders (e.g. PC D$ www file.php), or SSH on a Unix based system. It comes down to permissions, as longest the account running the web server has the least permission required to run, and does not have permission to change the script file and expected values it will not render the file checker useless.