Jump to content

How to check for malicious PHP code

OM2

By OM2
in PHP Coding Help

 Share

Recommended Posts

OM2 Regular Member

OM2

Posted
Posted

Can someone advise me how to check for malicious PHP code?

 

If I download a script from somewhere, how can I make sure it's not malicious?

If bad, maybe it could delete files?? Or send spam?

Or EVEN 'send home' code - so that they can track your usage - OK if I consent - not OK if haven't consented and they're doing it sneakily!

 

Sending spam has been a problem when installing Joomla plugins

 

Are there specific commands I should watch out for in PHP scripts?

Like send mail or something?

 

I'm sure the baddies would be clever and maybe use IP numbers to send out to instead of domain names?

 

Is there a PHP code checker online? Something that tells you what your PHP script does? Simple things: like tell you if it sends out mail or makes contact outside or deletes files

 

This would be great - it would save a lot of time  going through hundreds/thousands of lines of code

 

Thanks

 

 

OM

Link to comment
Share on other sites
btherl Member

btherl

Posted
Posted

I a programmer who could look through code, checking for anything malicious.  But I don't.  Instead I only use code that is well known, and does not have any negative feedback when searched for in Google.  The other big advantage of this approach is that you only get mature software.

 

As for checking the code, there are many ways to do actions like "open a file" or "send a mail".  You can look for the common functions like mail() and file_get_contents(), but that will not give you any guarantees.  Here are some of the functions you would be looking for:

 

http://php.net/manual/en/ref.filesystem.php

http://php.net/manual/en/ref.mail.php

 

But you could easily miss some like these:

 

http://au2.php.net/manual/en/ref.dio.php

http://au2.php.net/manual/en/ref.exec.php

http://au2.php.net/manual/en/book.pcntl.php

http://au2.php.net/manual/en/book.stream.php

Link to comment
Share on other sites
OM2 Regular Member

OM2

Posted
  • Author
Posted

hmmm... to be honest, i find that odd that there aren't tools that u can use to check

 

the joomla plugins were an amazing amount of trouble - our server got black listed 3 times in 18 months

 

i'm not a hardcore programmer, but i can think of a multitude of ways in which malicious code could be hidden

i won't bother going into details how though :)

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.