Creating custom signatures

  • Dave

    (@w1djmartin)


    6 years, 1 month ago

    I have some custom modifications on my site that the scanner flags every time a scan is done. I would like to create custom signatures for the code in question so a) it does not get flagged every time a scan is done and b) it WILL get flagged if it changes without my knowledge.

    I have looked high and low for instructions on how to create custom signatures but have not been able to find anything that details how to create them. In the settings section there is a link that says Read more but there are no details or further information available at that link.

    I have this nagging feeling that I’m missing something that may be obvious but I’m sure not seeing it. Any pointers to the details on how to create custom signatures would be greatly appreciated.

    Dave

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author gioni

    (@gioni)

    How do you implement those “custom modifications”? I hope as a WP plugin? If so, you can upload a plugin ZIP archive on the scan results page.

    Thread Starter Dave

    (@w1djmartin)

    They are not a plugin. All of the code resides outside of the WP directories but within the public HTML directory (below it in a separate directory).

    The wording of “custom signature” implies that I should be able to create one from a known source of the files I have put on the site and have the scanner compare the site to the “custom signature” to make sure nothing has been altered yet there is no documentation that I can find that explains how to create a signature.

    Plugin Author gioni

    (@gioni)

    In that context, it makes sense just to monitor the specified directory for changes. No custom signatures are needed because they are created internally during the first scan of the directory. Signatures are usually being used if you distribute a piece of software and you need to verify the integrity of it.

    Thread Starter Dave

    (@w1djmartin)

    OK thanks Gioni. If what you say is true then what is the Custom signatures field used for on the Scanner settings page?

    Having custom signatures seems to imply that I can create one for my custom code so the scanner will know what and where it is and flag it if it changes without its signature being updated.

    Plugin Author gioni

    (@gioni)

    No, the Custom signatures field has nothing to do with code signatures. I mean the plugin will scan and compare file hashes between scans. No custom signatures are needed whatsoever. If the detected changes are not made by you, you have to restore your original code because it means it was altered somehow. The results of the first scan will be used as a reference value, meaning you can’t see changes after the first scan. Only after further scans.

    Thread Starter Dave

    (@w1djmartin)

    Thanks again for responding Gioni. If the custom signatures field has nothing to do with code signatures why does it say Specify custom PHP code signatures. One item per line. below the input field?

    Perhaps the better question is, what is that field actually for? There is virtually no documentation about it that I can find.

    Plugin Author gioni

    (@gioni)

    It’s a completely different story. The plugin will be scanning files for those signatures and add them to the list of suspicious files. I agree with you, the plugin documentation should and will be improved.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Creating custom signatures’ is closed to new replies.

Tags

  • In: Plugins
  • 7 replies
  • 2 participants
  • Last reply from: gioni
  • Last activity: 6 years ago
  • Status: not a support question