Link to home
Create AccountLog in
Avatar of AXISHK
AXISHK

asked on

PHP Security

We are website provider and we find that some of the hosted website cause email bounced. Under further investigation, we find that a website has been use <frame> ... </frameset> and within the frameset, there is a redirection to use a php on another website - the original designer of the website.

Is it possible to disable frameset, or website redirection ? I am asked to review the existing infrastructure and give immediate action.

1. Is there any tools to to rescan all our existing websites and identify this kind of problem ?
2. Any solution to remedy this problem ?

Tks
SOLUTION
Avatar of Dave Baldwin
Dave Baldwin
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
It sounds like your server has been hacked.  You can scan all of the existing scripts for <frame> and <iframe> and manually check each instance of the results.  That is what I would do.  I agree with Dave -- I do not know any way to "turn off" features of HTML and even if I could, I would not do that because of the risk to legitimate clients who might depend on this functionality!  If you find that one account is causing the trouble, it would be fairly easy to disable that account until the owners correct the problem.
Avatar of AXISHK
AXISHK

ASKER

Any idea how to write a script to quickly scan a folder and sub-folder , with say "iframe" and write the file and path to a log file ?
Yes, you can use recursivedirectoryiterator.  I'll try to find an example for you.
ASKER CERTIFIED SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of AXISHK

ASKER

Tks