jana

asked on

Is there a way to check if there is anything suspicious in a web site developed in PHP?

Where should we look within a web site developed in PHP to find out if there is any malicious code leaking information from our site?  Besides PHP, Java, CGI, etc.
jana

ASKER

More info.

It was a site developed for us and just turned in.  The site is more like a project & proposal site used by us.   We have doubts about one of the programmers from a conversation we overheard.

We copied the entire site contents from our FTP to our hard drive to make the search for any hidden links or calls outside our site faster.

Basically what we want to know is what to look for in our code that would show us any connection to other sites or how to see if our data is being sent to or received from other sites.

Hope we made our need clear.
ASKER CERTIFIED SOLUTION
Loganathan Natarajan
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Also, you may consider using some tools to scan the entire website code, so that you can find the details.
jana

ASKER

Can we make a search for keywords that would flag possible bad coding for us?  Since all the files are text, we figure if we search for any keywords and find one, this would raise a black flag.  After we identify all keywords we'll proceed to google more info pertaining to the message that appeared.

SOLUTION
I agree with @kyanwan, if you don't have the ability to write the code yourself, then you should have someone else audit it.  I know I could put things in PHP and javascript that a novice could not find.
SOLUTION
jana

ASKER

Thank you very much on this valuable info.

Regarding contracting a professional to validate our site: it is a great recommendation.  However, the investment is not justified for us for the following reasons:

         - We are not a big firm
         - the contents developed is not a complex contents
         - not that security sensitive
         - the total size is not over 3mb
         - is not live yet

What we're looking for is more like the details provided by kyanwan in the first part of ID: 37043207.  

We are not experts in some tech areas, but with EE assistance we have successfully done a series of tasks that we would have not been able to do before.  This site is Excellent!

We are not looking for an actual step-by-step "How-To" to detect flaws or leaks, but something like kyanwan in the first part of ID: 3704320; a guidance of where to look.

For example, when we contract a VB programmer, prior to going live with the apps developed, we look at the code for all connections, external calls to other apps or IPs to make sure that the control stays where we want.  For example the SQL connections, calls of other apps or ASCII files that may input or output data for creating connections, IPs; we even look at functions to see if they create values for accessing other areas (we once found a function using char(x) until it spelled out an actual address), stuff like this.

On the web, that's what we are trying to do prior to going live.

A little more info

The contents are composed of (by file type):

   - Cascading Style Sheet Document (1 file)
   - Icon (16)
   - JS File (3)
   - PNG File (40)
   - JPEG image (1)
   - GIF file (1)
   - HTML Document (1)
   - PHP File (29)

Can you give some actual names to look for or logic flow, anything that would help us to just look?  It's not a big app so we are willing to invest some time.

Please advise.
SOLUTION
jana

ASKER

Thanx Slick812, yes something like that.  What we are looking for are keywords, not actual strings.  For example, we finished checking the site content files, which are in PHP, Java, CGI, etc., since they are text, for keywords such as:

   "connect"
   ip values (search for xxx.xxx.xxx)
   "MySql"
   "get"
   "select"
   "insert"
   "system("
   "passthru("
   "\"
   " exec("
 
Also just finished incorporating your keywords:

   "file_get_contents"
   "soap"

In essence we would like, from EE first-hand experience, specific commands in PHP/Java/Ajax/etc. that would either save to files, open paths, save to database, etc.

We want to compile and set up some sort of "checklist" of words to look for and then identify if each is being used correctly in our site.

What we need are examples of command words.

Thanx
SOLUTION
jana

ASKER

Thanx for the info.

Since all files that actually do processing within a site are text files, we are searching within them for names or commands that write/read to other sites.

To close the question, and besides the keywords we are searching for (see ID: 37050756), can you guys give us any additional names of commands that would do the following:

      - Write to
      - Copy To
      - Read From
      - command that would send emails

Greatly appreciated
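
An added example, not part of any post in this thread: a small Python scanner that turns the keyword checklist above, and the write/copy/read/email categories just asked about, into a repeatable search over the local copy of the site. The function names beyond the thread's own keywords are standard PHP built-ins chosen for this example, `scan_text`/`scan_tree` are hypothetical names, and the PHP sample is constructed; a hit marks a line to read, not proof of wrongdoing.

```python
import os
import re

# Checklist: category -> regex. All function names are standard PHP built-ins;
# system/passthru/exec/file_get_contents/soap come from the thread's own list.
CHECKS = {
    "command execution": r"\b(system|passthru|exec|shell_exec|popen|proc_open)\s*\(",
    "outbound request":  r"\b(file_get_contents|fsockopen|curl_init|curl_exec|SoapClient)\b",
    "file write/copy":   r"\b(fopen|fwrite|file_put_contents|copy|rename|move_uploaded_file)\s*\(",
    "send email":        r"\bmail\s*\(",
    "database":          r"\b(mysql_connect|mysqli_connect|new\s+PDO|new\s+mysqli)\b",
    "hidden strings":    r"\b(eval|base64_decode|gzinflate|str_rot13|chr)\s*\(",
    "hard-coded IP":     r"\b\d{1,3}(?:\.\d{1,3}){3}\b",
    "absolute URL":      r"https?://[^\s'\"<>)]+",
}
COMPILED = {name: re.compile(rx, re.IGNORECASE) for name, rx in CHECKS.items()}
TEXT_EXTENSIONS = (".php", ".js", ".html", ".htm", ".cgi", ".inc")

# Constructed sample input (not taken from any real site).
SAMPLE_PHP = r'''<?php
$db = mysqli_connect("localhost", "app", $pw);
$host = chr(49) . chr(48);
$page = file_get_contents("http://203.0.113.7/status.php");
mail("someone@example.com", "proposal", $body);
?>'''

def scan_text(text, filename="<memory>"):
    """Return (filename, line_no, category, matched_text) for every hit."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for category, pattern in COMPILED.items():
            for match in pattern.finditer(line):
                findings.append((filename, line_no, category, match.group(0).strip()))
    return findings

def scan_tree(root):
    """Scan every text-based source file under root (the local FTP copy)."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(TEXT_EXTENSIONS):
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as handle:
                    findings.extend(scan_text(handle.read(), path))
    return findings

if __name__ == "__main__":
    for hit in scan_text(SAMPLE_PHP, "sample.php"):
        print(hit)
```

Each hit is reviewed by asking where the destination, file name or recipient comes from; values assembled at run time (for example with `chr()` or `base64_decode()`) will not show up in an IP or URL search, which is why the "hidden strings" category is listed separately.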
SOLUTION
jana

ASKER

Ok thanks all.  We think we got very valuable info from you guys.
jana

ASKER

Thanx