After a hacker compromises a server, in order to maximize profits, most will vandalize the website by implanting backdoors, illegal pages, malicious code, and so on. To protect against hacker intrusions, fixing vulnerabilities is undoubtedly the best solution. However, while the dream is beautiful, reality is harsh. Often, we have no idea where the vulnerabilities are, and even if we know where they are, we may not know how to address them. Even after fixing vulnerabilities, new ones may emerge. Therefore, implementing necessary protective measures on the server is the superior approach to ensuring security. Tamper-proofing is an unavoidable topic when it comes to defending against hacker intrusions. As long as tampering is prevented, most intrusion issues are resolved. Below, we will discuss how to quickly implement tamper-proofing functionality on Linux.

On Linux servers, there are three simple methods to prevent web pages from being tampered with: using ACL policies, writing monitoring software for automatic restoration, and using professional tamper-proofing software. Below, we will introduce the implementation methods, along with their advantages and disadvantages, for each approach.

1.Using ACL Policies

This involves setting read-only permissions for files, preventing hackers from modifying them. There are two ways to achieve this: one is to set permissions to 444, and the other is to set read-only attributes. The second method is recommended because setting permissions to 444 only grants read access, but the owner is not restricted and can still modify the files.

Set read-only permissions (ineffective for the file owner)
chmod 444 -R /www/wwwroot/aa

Set read-only attributes
chattr -iR /www/wwwroot/aa

2. Writing Monitoring Software for Automatic Restoration

First, create a copy of the website (ensuring the copy has not been tampered with). Then, write a script that periodically checks the MD5 values of files, comparing each file in the website directory with its counterpart in the backup directory. If the MD5 values differ, it indicates that the file has been tampered with, and the file is immediately overwritten with the backup copy. The script can also exclude cache directories. Below is an example of such a script:

#!/bin/bash  
# Script to monitor files and compare MD5 values  

# Define source and backup directories  
SOURCE_DIR="/www/a.com"  
BACKUP_DIR="/www/a.com_fuben"  
EXCLUDE_DIR="caches"  

# Create a temporary file to store the file list  
FILE_LIST=$(mktemp)  

# Find all files (excluding the caches directory) and save them to the temporary file  
find "$SOURCE_DIR" -type f -path "*/$EXCLUDE_DIR/*" -prune -o -print > "$FILE_LIST"  

# Iterate through the file list  
while IFS= read -r file; do  
    # Compute the relative path (removing the SOURCE_DIR prefix)  
    relative_path="${file#$SOURCE_DIR/}"  

    # Skip empty paths (when file equals SOURCE_DIR)  
    if [ -z "$relative_path" ]; then  
        continue  
    fi  

    # Build the full path of the backup file  
    backup_file="$BACKUP_DIR/$relative_path"  

    # Check if the backup file exists  
    if [ ! -f "$backup_file" ]; then  
        echo "Warning: Backup file does not exist - $backup_file"  
        continue  
    fi  

    # Compute MD5 values for the source and backup files  
    source_md5=$(md5sum "$file" 2>/dev/null | awk '{print $1}')  
    backup_md5=$(md5sum "$backup_file" 2>/dev/null | awk '{print $1}')  

    # Compare MD5 values  
    if [ "$source_md5" != "$backup_md5" ]; then  
        echo "Difference found: $file"  
        echo "Overwriting with the backup file..."  

        # Create the target directory if it does not exist  
        mkdir -p "$(dirname "$file")"  

        # Overwrite the file  
        cp -f "$backup_file" "$file"  

        # Check if the operation was successful  
        if [ $? -eq 0 ]; then  
            echo "Overwrite successful: $file"  
        else  
            echo "Error: Unable to overwrite $file"  
        fi  
    fi  
done < "$FILE_LIST"  

# Delete the temporary file  
rm -f "$FILE_LIST"  

echo "Synchronization complete"

Advantages: Simple to implement.  

Disadvantages: Strictly speaking, this is not tamper-proofing but rather file restoration, which introduces latency. Additionally, maintaining the website later becomes cumbersome, as updates need to be uploaded to the backup directory.

3. Using Tamper-Proofing Software

While the first two methods can address tampering, both have significant drawbacks and cannot be combined effectively. Therefore, using tamper-proofing software becomes the inevitable choice. Not just any tamper-proofing software will meet the requirements—some are overly simplistic and cannot apply tamper-proofing rules to subdirectories or individual files. For websites that require cache or temporary files, these simple tools may still cause issues due to a lack of write permissions. A recommended solution is the "MagiAegis Defense System", Its tamper-proofing module is highly robust, allowing for granular rules to be applied to subdirectories, specific files, or file types, meeting the needs of all websites. Additionally, its built-in CMS tamper-proofing templates make it easy to configure complex rules for websites, ensuring protection against tampering without causing any side effects.

Robust tamper-proofing rules allow write permissions for the cache directory

One-click addition of CMS tamper-proofing rules