Jump to content

- - - - -

Finding Php Shell Scripts In Your Website

security linux cyber security php info security shell code infection backdoor web application web app
PHP vulnerabilities are the norm, there is not much that can be done to prevent uploads of malicious files on a PHP site when there are world writable directories especially when your website is using a well known opensource community driven software product to power your website. PHP shell code can usually be found in many websites around the web especially when the administrator does not know much about how to clean out the backdoors after a hack has been done.

Here is a simple bash shell script that will search your public_html directories for common file names as well as search all files for common methods used for shell scripts using the fastest possible method with a large number of files. It will dump the results to a file called "php_backdoors" which you can examine to determine what is and what is not a false positive.

To use this shell script just paste this into a file called checker.sh in the directory before your public_html folder, then run it with the following command:
sh checker.sh

cd public_html/

find . -type f \( -iname "1.*" -o -iname "sh.php" \) -print0 >> ../php_backdoors

find . -type f \( -iname "*.php" -o -iname "*.inc" \) -print0 | xargs -0 -r grep -REn \
'(c99|r57|exif_read_data|extract|passthru|shell_exec|base64_decode|fopen|fclose|eval|Refresh|refresh|justrulz)' >> ../php_backdoors

Trackbacks for this entry [ Trackback URL ]

decorating ideas For kitchen from decorating ideas For kitchen

Tracked on Sep 29 2014 07:15 PM

wheelchair warrior from wheelchair warrior

Tracked on Oct 12 2014 05:03 AM

elder care planning from elder care planning

Tracked on Oct 21 2014 11:39 PM

October 2014

272829 30 31  

user(s) viewing

members, guests, anonymous users