PHP Security

We are a website provider and we find that some of the hosted websites cause email to bounce. Under further investigation, we find that a website has been using <frame> ... </frameset> and within the frameset, there is a redirection to use a php on another website - the original designer of the website.

Is it possible to disable frameset, or website redirection? I am asked to review the existing infrastructure and give immediate action.

1. Are there any tools to rescan all our existing websites and identify this kind of problem?
2. Any solution to remedy this problem?

Tks
AXISHK Asked:

Dave Baldwin (Fixer of Problems) Commented:
There are many legitimate reasons for using frames and I would be very upset if you blocked things in my web site because someone else caused a problem.  And bounced emails are an everyday occurrence for a variety of legitimate reasons.  

The proper action to me is to contact the people who are responsible for the problems and ask them to fix it.  If they don't respond, then you can simply block access to their site until they fix their problems.
1
Ray Paseur Commented:
It sounds like your server has been hacked.  You can scan all of the existing scripts for <frame> and <iframe> and manually check each instance of the results.  That is what I would do.  I agree with Dave -- I do not know any way to "turn off" features of HTML and even if I could, I would not do that because of the risk to legitimate clients who might depend on this functionality!  If you find that one account is causing the trouble, it would be fairly easy to disable that account until the owners correct the problem.
0
AXISHK (Author) Commented:
Any idea how to write a script to quickly scan a folder and sub-folders for, say, "iframe" and write the file and path to a log file?
0
Ray Paseur Commented:
Yes, you can use RecursiveDirectoryIterator.  I'll try to find an example for you.
0
Ray Paseur Commented:
You might start here.  There might be other sanity checks you would need, for example, you would not want to read files larger than your memory allocation, etc.
<?php // demo/temp_axishk.php
/**
 * http://www.experts-exchange.com/questions/28706387/PHP-Security.html
 */
error_reporting(E_ALL);
ob_start();

// PUT THIS SCRIPT IN THE WEB ROOT DIRECTORY
$path = realpath(getcwd());

// THE SIGNAL WE ARE SEEKING
$signal = strtolower('IFrame');

// THE COLLECTION OF POSITIVE HITS
$out = [];

// SEE http://php.net/manual/en/class.recursivedirectoryiterator.php#85805
$objs = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path), RecursiveIteratorIterator::SELF_FIRST);

// UNFORTUNATELY THIS DOES NOT WORK AT PHP 5.4
// var_dump($objs);

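// ITERATE OVER THE OBJECTS
foreach($objs as $name => $obj)
{
    // SKIP DIRECTORIES AND ANYTHING WE CANNOT READ
    if (!$obj->isFile() || !$obj->isReadable()) continue;
    $doc = strtolower(file_get_contents($name));
    if (strlen($doc) < strlen($signal)) continue;
    // COMPARE WITH FALSE SO A MATCH AT OFFSET ZERO IS NOT MISSED
    if (strpos($doc, $signal) !== false)
    {
        $out[] = $name;
    }
}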

// REPORT THE RESULTS
if (empty($out))
{
    echo "<h3>Good News! No <i>$signal</i> found.</h3>";
}
else
{
    echo "<h3><i>$signal</i> found here:</h3>";
    echo '<pre>';
    print_r($out);
}

0
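
The scan requested earlier in the thread, as an added example that is not part of the original thread or any participant's code: it goes one step beyond a substring match by extracting the src of each <frame>/<iframe> and logging only those that name a host outside an allow-list, with the file-size check mentioned above. The function name scan_frames, the extension list, the host names, the log location and the 2 MiB cap are assumptions; it requires PHP 7 or later.

```php
<?php
// Added example, not from the thread. Requires PHP 7+. Names, hosts and limits are assumptions.

/** Return one "path<TAB>tag<TAB>src" line per frame/iframe whose src names a host not in $allowedHosts. */
function scan_frames(string $root, array $allowedHosts = [], int $maxBytes = 2097152): array
{
    $hits = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $path => $info) {
        // Regular, readable files under the size cap only
        if (!$info->isFile() || !$info->isReadable() || $info->getSize() > $maxBytes) continue;
        // Only extensions that are normally served as pages (assumed list)
        if (!preg_match('/^(php\d?|phtml|html?|inc|tpl)$/i', $info->getExtension())) continue;

        $doc = file_get_contents($path);
        $re = '/<(i?frame)\b[^>]*?\bsrc\s*=\s*["\']?([^"\'\s>]+)/i';
        if (!preg_match_all($re, $doc, $tags, PREG_SET_ORDER)) continue;

        foreach ($tags as $t) {
            $host = parse_url($t[2], PHP_URL_HOST);      // null for relative URLs
            if (!is_string($host)) continue;             // same-site src: not reported
            if (in_array(strtolower($host), $allowedHosts, true)) continue;
            $hits[] = $path . "\t" . strtolower($t[1]) . "\t" . $t[2];
        }
    }
    sort($hits);
    return $hits;
}

// Constructed sample tree so the example runs offline
$root = sys_get_temp_dir() . '/frame_scan_' . uniqid();
mkdir("$root/site_a", 0700, true);
mkdir("$root/site_b", 0700, true);
file_put_contents("$root/site_a/index.html",
    '<frameset rows="100%"><FRAME SRC="http://designer.example/mail.php"></frameset>');
file_put_contents("$root/site_b/index.php",
    '<iframe src="/local/banner.html"></iframe><iframe src="//cdn.example/x.js"></iframe>');
file_put_contents("$root/site_b/notes.txt", '<iframe src="http://skipped.example/">');

// Keep the log outside the scanned (web-served) tree
$log = $root . '.log';
$hits = scan_frames($root, ['cdn.example']);
file_put_contents($log, implode(PHP_EOL, $hits) . PHP_EOL, LOCK_EX);
echo "Wrote " . count($hits) . " hit(s) to $log" . PHP_EOL;
```

Each logged line is a lead for manual review of that file; a regular expression over markup is a heuristic and does not see frames that are built at runtime by script.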

AXISHK (Author) Commented:
Tks
0