
Hi, Habr. In this post I would like to tell you about SANTI, my open-source web antivirus for websites: what has already been implemented and what is planned for the future. But the main goal is to get feedback, which will guide further development.
I'll start with the background that motivated it. Millions of sites are hacked each year, from business-card sites and entertainment sites to large Internet portals. The goal of the attackers is always the same: to exploit the visitors of the sites and the resources of the hacked sites for profit. For example, after a site is hacked, exploits are planted in it through iframe inserts; these infect the computer of the site visitor and then extort money, or steal the victim's financial information and withdraw money from their bank accounts. Everybody suffers from these criminal activities, both the visitor and the hacked site. As a result of the "pest's" actions, the site can lose its files and database, get blocked by search engines and then by desktop antiviruses, and lose precious traffic and the reputation of the company.
Alas, many web developers do not conduct code security audits when building websites, and often they simply lack qualifications in this area, while popular CMSs are under constant scrutiny by hackers, and the result is mass hacks. Besides the vulnerabilities of the site itself, access credentials to the servers hosting the site files are often leaked. To protect their sites, owners need to hire security specialists, programmers and administrators and constantly monitor the integrity and protection of their Internet project. Only a few companies can afford this, and millions of sites on popular CMSs, along with their visitors, remain vulnerable.
Over the past 10 years, working in various web studios, I have dealt with the hacking of hundreds of sites; these were usually projects without administration or maintenance, running on all the well-known CMSs. The need for a system that monitors the integrity of sites and protects them automatically has long been in the air; ideas and notes accumulated over the years, and this year I finally decided to implement this tool.
What should a site security system be like?
When starting work on SANTI, I laid down several requirements:
- The system must be autonomous and deployable turnkey on a site, without using third-party servers to work with the contents of the web project;
- The simplest possible usability;
- A secure web interface;
- Getting started in a click and a half: download, configure;
- Open source;
- Freedom to choose the tools you need;
- Support tools for webmasters;
- Automatic monitoring and protection;
- Instant notification of the owner about a threat to the site;
- Community help for users;
- Regular updates.
The resulting system today satisfies all of these conditions and is being improved.
Current system functionality
In the three months since SANTI was first published on the Internet and presented on the popular forums of the Runet, it has gained interesting functionality and collected invaluable feedback, on the basis of which SANTI version 0.5 has already been released.
The basic part of the system is the Autopilots: PHP scripts that are triggered automatically on a schedule. For ease of use, the remote SANTI CRON server is switched on by default and does the triggering, but in the settings you can switch it off, activate local CRON and configure the launch of the autopilots manually on your own CRON server; the autopilot links are shown there.
The following autopilots are implemented:
- File autopilot - a tool for monitoring site files and notifying about changes. When the antivirus is first run, the script creates an image of the site files: it remembers the CRC, size, modification date and permissions of every file. If a file has been changed, deleted or added, the file autopilot reports detailed information to the site owner.
- Site file backup autopilot - saves all files in a gzip archive, preserving file permissions (chmod). When restoring from this archive, the permissions of folders and files are restored as well; it is based on the AlfaUngzipper tool. Backups can be stored both on the server with the site and in the Yandex.Disk cloud.
- Site database backup autopilot - saves a dump of the site database both to the local server and to Yandex.Disk. The tool was created on the basis of the open-source Sypex Dumper tool.
- Search engine scanning autopilot - checks whether Yandex and Google have blocked the site for being harmful; when a block is detected, SANTI notifies the user.
- Desktop antivirus site check autopilot - regularly checks the site for malicious inserts using desktop antiviruses such as Kaspersky Antivirus, NOD, Avast and others, more than 30 antiviruses in total. When malware is detected, a notification and a report are provided on which files pose a threat and according to which of the antiviruses.
- SANTI self-defense autopilot - protects SANTI itself from interference with its files; if tampering is detected, it removes itself and restores itself to its original state.
The "Manual" section of SANTI lets you run the checking and treatment tools on the site in real time, without waiting for an autopilot to trigger.
Utilities - a SANTI section that includes a set of various tools for securing the site and helping the webmaster; this section is constantly updated with new tools. The utilities implemented so far:
- Password generator - a classic that is often not at hand when you lack the imagination to come up with a password that resists cracking;
- Date-file search - a tool that has rescued me more than once when searching for malware after a site infection. It lets you specify the time interval in which files were changed and set a filter for which files to include or exclude. The result is a list of files changed or uploaded within the specified interval;
- Search and removal of malicious inserts - a tool for finding inserts in files by a start/end mask; it supports two modes, search and delete;
- .ftpaccess configurator - on hosting servers that use FTP servers based on ProFTPD or Pure-FTP, access via FTP can be controlled by configuring the .ftpaccess file (IP restrictions, IP exceptions, etc.); this tool helps generate the contents of that file;
- Backup and recovery - self-explanatory: a tool to back up the site or restore an earlier version of it; it lets you set backup options such as excluded formats, file sizes, backup path and archive name;
- PHP info - a funny little utility, of course, but the most frequently used of all the utilities. Displays information about the server;
- News - an RSS reader for SANTI news and Internet security news; the latter are taken from the highly respected SecurityLab RSS feeds, with their permission!
- File editor - an editor for files found by the file scanner, the date-file search and the malicious insert search. It is built on ACE Editor and works with different encodings; file-type detection with the corresponding syntax highlighting, as well as highlighting of malicious code, will appear in the next release;
- .htaccess site blocking - one of my favorite tools. Blocking the site during treatment or an attack is done by adding a RewriteRule redirect to the site's .htaccess file that sends visitors to a stub page; a stub page is included in the SANTI kit. The SANTI folder is excluded from the rule so that you can disable the blocking and keep working with the site.
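To make the file autopilot and the date-file search described above concrete, here is an added example in Python (not SANTI's own PHP code): it takes an "image" of a site's regular files (CRC32, size, mtime, permission bits), compares a later image against it and reports added, deleted and changed files together with the attributes that differ, and filters the image by modification-time interval. The two-file site in `demo()` is constructed in a temporary directory.

```python
import os, stat, tempfile, zlib

def snapshot(root):
    """Build the 'image' of a site: CRC32, size, mtime and permission bits per regular file."""
    image = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):        # skip symlinks, sockets, devices
                continue
            with open(path, "rb") as fh:
                crc = zlib.crc32(fh.read()) & 0xFFFFFFFF
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            image[rel] = {"crc": crc, "size": st.st_size,
                          "mtime": int(st.st_mtime), "mode": stat.S_IMODE(st.st_mode)}
    return image

def compare(baseline, current):
    """Return (added, deleted, changed); changed maps path -> list of attributes that differ."""
    added = sorted(set(current) - set(baseline))
    deleted = sorted(set(baseline) - set(current))
    changed = {}
    for rel in set(baseline) & set(current):
        diff = [a for a in ("crc", "size", "mtime", "mode") if baseline[rel][a] != current[rel][a]]
        if diff:
            changed[rel] = diff
    return added, deleted, changed

def changed_between(image, start, end, only_ext=None):
    """Date-file search: paths whose mtime lies in [start, end], optionally filtered by extension."""
    return sorted(rel for rel, a in image.items()
                  if start <= a["mtime"] <= end and (only_ext is None or rel.endswith(only_ext)))

def demo():
    """Constructed two-file site: take a baseline, then simulate an edit, a chmod and an upload."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "inc"))
    for rel, body in (("index.php", "<?php echo 'hello'; ?>"), ("inc/config.php", "<?php $db = 'site'; ?>")):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)
        os.chmod(os.path.join(root, rel), 0o644)             # fixed starting permissions
    baseline = snapshot(root)
    with open(os.path.join(root, "index.php"), "a") as fh:   # content modified
        fh.write("\n// appended line")
    os.chmod(os.path.join(root, "inc", "config.php"), 0o755)  # permissions changed
    with open(os.path.join(root, "upload.txt"), "w") as fh:    # unexpected new file
        fh.write("dropped here")
    return compare(baseline, snapshot(root))
```

The baseline image would be stored on disk in a real deployment; here it is kept in memory so the comparison runs in one call. On a filesystem with one-second mtime resolution the append may not change `mtime`, but the CRC and size still flag the edit.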

What else is interesting and special?
When you first log in to SANTI, the user goes through a settings dialog, which I tried to make easier with hints, validators and explanations. All notification settings are configured in this dialog; here you can also register an account with the SMS gateway and enable that feature. When the settings are complete, SANTI creates an image of itself and a snapshot of its files for self-defense, takes a snapshot of the site files for the file autopilot, and starts self-defense.
The SANTI interface requires authorization and is protected from brute force by a limit on the number of login attempts. On entering the control panel, SANTI checks for a new version of the antivirus and, if necessary, notifies the user that an update is required. At startup, the RSS feed of new antivirus events is downloaded.
If the SMS service is connected for notifications from the autopilots, the account balance is displayed in the interface.
Under the hood: the UI is built on CSS Bootstrap, adapted for tablets; the code is PHP + JS.
To make installing the web antivirus easier and faster, I decided not to use MySQL or SQLite and settled on an old library, the PHP Flatfile package; all data is stored in TAB-delimited text files. I may get some flak for this choice, but so far it has not disappointed me.
SANTI has an online consultant, through which a user of the system can contact any security specialist from the web antivirus community for advice.
What's next?
There are many plans and ideas for future releases:
- Signature-based malware search is actively being developed;
- Preparing the system for easy localization into other languages;
- An autopilot that scans search engine results for new pages of the site (the appearance of doorways);
- An autopilot that detects changes in the site database;
- Detection of mobile traffic overflow;
- Adding trap files of several types for remote monitoring;
- A global refactoring and optimization of the code, because the current version of the antivirus is more of a prototype assembled from developments and research that have accumulated over the years;
- A hosting tester;
- Site security instructions and a smart helper for when a site is hacked;
- An SQL injection interceptor.
The list could go on for a long time, and it will only grow in the future.
That's all for now. I would very much like to find like-minded people in the field of website security and developers, and I welcome you to the community on Habr.
Any feedback is welcome; I am waiting for your comments and suggestions. Thanks! We will be back soon with a new post.
References:
SANTI website - http://santivi.com
Download SANTI - http://santivi.com/skachat/
Demo of the penultimate version of SANTI - http://demo.santivi.com/santi/
Community and support - http://forum.santivi.com