This is to monitoring, when admins password is changed is come CMS. Some my site was hacked, this code helped me to understand when site was hacked ant I quickly restored site from backups. It helped to sync with apache logs, so i saw , where was it from and which was the script:

---

check_log_file='/_scripts/_cron_init/mysql_check.log'
mail_file='/_scripts/_cron_init/mysql_mail.log'
check=` grep UPDATE /var/log/mysql.log | grep admin | grep jos_users |wc -l `
grep -n UPDATE /var/log/mysql.log | grep admin | grep jos_users | tail -1  > $mail_file
check_log=` cat  $check_log_file `
# echo $check $check_log $check_log_file

if [ $check -ne $check_log ]
then

mail -s "mysql attack" This e-mail address is being protected from spambots. You need JavaScript enabled to view it < $mail_file
echo $check > $check_log_file
fi

< Prev		Next >