PHPackages accentinteractive/laravel-suspicious-files - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Logging & Monitoring](/categories/logging) 4. / 5. accentinteractive/laravel-suspicious-files ActiveLibrary[Logging & Monitoring](/categories/logging) accentinteractive/laravel-suspicious-files ========================================== Get notified when suspicious PHP files appear in your file system v1.0.0(1mo ago)07MITPHPPHP ^8.0 Since May 10Pushed 1mo agoCompare [ Source](https://github.com/accentinteractive/laravel-suspicious-files)[ Packagist](https://packagist.org/packages/accentinteractive/laravel-suspicious-files)[ Docs](https://github.com/accentinteractive/laravel-suspicious-files)[ RSS](/packages/accentinteractive-laravel-suspicious-files/feed)WikiDiscussions master Synced 1w ago READMEChangelogDependencies (5)Versions (4)Used By (0) Laravel Suspicious Files ======================== [](#laravel-suspicious-files) Get notified when suspicious files (PHP or other) appear in your file system. This package monitors your Laravel application for suspicious files that are created in monitored directories. It's designed to detect potential security threats like uploaded malware or backdoor scripts. Requirements ------------ [](#requirements) - PHP 8.0 or higher - Laravel 11.x, 12.x, or 13.x Installation ------------ [](#installation) Install the package via Composer: ``` composer require accentinteractive/laravel-suspicious-files ``` The package will automatically register itself via Laravel's auto-discovery. Configuration ------------- [](#configuration) Publish the configuration file: ``` php artisan vendor:publish --provider="Accentinteractive\LaravelSuspiciousFiles\LaravelSuspiciousFilesServiceProvider" --tag="config" ``` This will create a `config/suspicious-files.php` file where you can customize: - **Monitored directories** - Directories to scan for suspicious files - **Excluded directories** - Directories to skip (e.g., vendor, storage) - **Allowed files** - Files that are permitted (e.g., index.php) - **File extensions** - Extensions to monitor (default: php) - **Email notifications** - Configure email alerts ### Environment Variables [](#environment-variables) Add these to your `.env` file: ``` # Email address to receive security alerts SUSPICIOUS_FILES_EMAIL=security@example.com # Whether to send email notifications (true/false) SUSPICIOUS_FILES_SEND_EMAIL=true ``` Usage ----- [](#usage) ### Manual Scan [](#manual-scan) Run a manual scan to check for suspicious files created in the last 5 minutes: ``` php artisan suspicious-files:find ``` ### Custom Time Window [](#custom-time-window) Check for files created in the last 30 minutes: ``` php artisan suspicious-files:find --minutes=30 ``` ### Send Email Notification [](#send-email-notification) Send an email alert if suspicious files are found: ``` php artisan suspicious-files:find --notify ``` ### Scheduled Monitoring [](#scheduled-monitoring) Add to your `app/Console/Kernel.php` to run automatic scans: ``` protected function schedule(Schedule $schedule) { // Check every 5 minutes for files created in the last 10 minutes $schedule->command('suspicious-files:find --minutes=10 --notify') ->everyFiveMinutes(); } ``` How It Works ------------ [](#how-it-works) 1. The command scans configured directories for PHP files 2. Checks if files were created within the specified time window 3. Excludes configured directories (vendor, storage, etc.) 4. Skips allowed files (like index.php) 5. Reports findings via CLI output 6. Logs security events to Laravel logs 7. Optionally sends email notifications Security Alerts --------------- [](#security-alerts) When suspicious files are detected: - **CLI Output**: Table showing file path, size, creation time, and age - **Log Entry**: Critical log entry with file details - **Email Alert**: Optional email with file information - **Cache**: Results stored for 7 days for review Configuration Example --------------------- [](#configuration-example) ``` return [ 'monitored_directories' => [ 'public/uploads', 'storage/app/public', ], 'excluded_directories' => [ 'vendor', 'node_modules', 'storage/framework', // ... more exclusions ], 'allowed_files' => [ 'index.php', ], 'suspicious_file_extensions' => [ 'php', 'phtml', 'php3', 'php4', 'php5', ], 'email' => [ 'notification_email_address' => env('SUSPICIOUS_FILES_EMAIL', ''), 'subject' => '⚠ SECURITY ALERT: suspicious files detected', 'view' => 'suspicious::email.security-alert', ], ]; ``` Use Cases --------- [](#use-cases) - **Upload Directory Monitoring**: Detect malicious files uploaded through file upload forms - **Web Shell Detection**: Identify backdoor scripts placed by attackers - **Security Auditing**: Regular scans for unauthorized PHP files - **Incident Response**: Quick detection of file-based attacks Testing ------- [](#testing) Run the test suite: ``` composer test ``` Contributing ------------ [](#contributing) Please see [CONTRIBUTING.md](CONTRIBUTING.md) for details. Security -------- [](#security) If you discover any security-related issues, please email instead of using the issue tracker. Credits ------- [](#credits) - [Joost van Veen](https://github.com/accentinteractive) - [All Contributors](../../contributors) License ------- [](#license) The MIT License (MIT). Please see [License File](LICENSE.md) for more information. ### Health Score 38 — LowBetter than 83% of packages Maintenance94 Actively maintained with recent releases Popularity6 Limited adoption so far Community6 Small or concentrated contributor base Maturity40 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 3 Last Release 30d ago Major Versions v0.0.2 → v1.0.02026-05-10 ### Community Maintainers ![](https://avatars.githubusercontent.com/u/356020?v=4)[Accent Interactive](/maintainers/accentinteractive)[@accentinteractive](https://github.com/accentinteractive) --- Top Contributors [![joostvanveen](https://avatars.githubusercontent.com/u/540294?v=4)](https://github.com/joostvanveen "joostvanveen (3 commits)") --- Tags accentinteractivelaravel-suspicious-files ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/accentinteractive-laravel-suspicious-files/health.svg) ``` [![Health](https://phpackages.com/badges/accentinteractive-laravel-suspicious-files/health.svg)](https://phpackages.com/packages/accentinteractive-laravel-suspicious-files) ``` ### Alternatives [laravel/ai The official AI SDK for Laravel. 9782.1M153](/packages/laravel-ai)[illuminate/queue The Illuminate Queue package. 20432.2M1.5k](/packages/illuminate-queue)[spatie/laravel-health Monitor the health of a Laravel application 88011.3M149](/packages/spatie-laravel-health)[moonshine/moonshine Laravel administration panel 1.3k239.9k72](/packages/moonshine-moonshine)[tallstackui/tallstackui TallStackUI is a powerful suite of Blade components that elevate your workflow of Livewire applications. 719160.4k12](/packages/tallstackui-tallstackui)[erag/laravel-lang-sync-inertia A powerful Laravel package for syncing and managing language translations across backend and Inertia.js (Vue/React) frontends, offering effortless localization, auto-sync features, and smooth multi-language support for modern Laravel applications. 4721.5k](/packages/erag-laravel-lang-sync-inertia) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)