How-To

Monitoring Changes to Files via a Cron Job

If you are interested in monitoring when a file is uploaded to or changed on your server, there is a simple method of doing so via cPanel. This can be useful to monitor if someone has unauthorized access to your server and is attempting to upload malicious files.

1) Log into your cPanel account.

2) Go to the Advanced section and find the “Cron Jobs” option.

ChronJobs

3) Make sure the email it has on record is accurate.

eMail

4) Add a new Cron Job. You can select how often the check is run, from once per minute to once per year, depending on how often you wish to receive notifications. Be aware, more frequent checks will result in more messages being sent to your email and more server resources being used.

Screen Shot 2015-07-22 at 3.42.38 PM

5) In the “Command” box, paste the following code:

find /home/USER/public_html -type f -ctime -1 -exec ls -ls {} \;

In place of the /home/USER/public_html, use whatever path you want to monitor on your server. It can be any specific directory on your site, or even just /home/ in general.

6) You will now receive emails whenever a new or changed file is detected on your server.

Mail results

Do note that a site which allows user uploads, frequently adds or changes files, or otherwise has a lot of file activity on it can trigger these notifications frequently! When initially testing this script, for example, WordPress updated and all altered WordPress files were included in the report. In such cases, you may wish to write separate cron jobs for all directories excluding those which are frequently used.

Find out more about ServInt solutions
VPS

Starting at $27

  • The New York Times
  • The Hill
  • Bloomberg
  • The Seattle Times
  • Computer World
  • Ars Technica
  • MSNBC