..does that not partially reduce the effectiveness of Siemonitor though?
If a hacker was to delete a file from the server leaving Sitemonitor no longer able to detect other types of changes (size, dates etc - until a new ref file is created), the hacker could set about changing other files and the only way to detect changes would be a manual comparison of all files..
...or have I missed something?