Zum Inhalt springen

Recognize hackers: Check My Site

Extension Key: checkmysite

TYPO3 Version:12 LTS11 LTS8 LTS7 LTS6 LTS

If a hacker manages to break into a website, they usually try to insert malicious code into the website. This is then used, for example, to install Trojans via vulnerabilities in the visitor's browser. Or the infiltrated code manipulates the indexing of the website by the search engine crawlers.

In most cases, the code is injected by automated scripts. These search for index.php and index.html files and insert code there (often disguised by coding). As all TYPO3 requests are made via the central index.php in the start directory, the code inserted there is executed with every page request.

The manipulation is often cleverly concealed so that it remains undetected for a long time and can harm as many visitors as possible. We have therefore developed the extension checkmysite. This checks the index.php file for malicious code according to around 60 rules every time a page is called up. If infiltrated code is detected, a freely definable status message is displayed instead of the usual web page or the call is redirected to another server. At the same time, the site administrator is informed by e-mail.

The configuration of the extension is very simple: after installation, the e-mail addresses for the notification and the status text or the forwarding address are specified. The e-mail notifications are repeated at intervals and the rate can also be specified.

This page contains automatically translated content.

Updated: 17.07.2024