ADVICE REQUESTED - Checking for alterations
Posted: Fri Mar 11, 2005 4:36 pm
Hello all. I am looking for some advice on an issue I am having with my Host. What does this have to do with PHP Code? Read on...
My host (for the time being unnamed), has allowed a malicious customer of theirs to break in to other peoples domains and rewrite some of their files. I am one of the other customers that was affected by this malicious customer.
One of the files rewritten on my domain was the index page of a popular subdomain that I host. The hack was a single line of code (an iFrame) appended to the end of my closing PHP tag (?>). While my host says there is no longer a threat of this type for me to worry about, I want to be able to protect my customers by keeping my code clean. Which leads me to my quetion...
What, in your opinion, is the best way for me to monitor my code and, if there is something different in the code than what I intended to be in there, how would you suggest I clean it?
The floor is open (so to speak), so I will begin with what I was thinking of doing. I thought of writing a function that would redirect the user to another PHP page (a code validation page, if you will) that checked the entire file that sent the user to the code validator. The validator would then open the file, check the length of the file, check to find the closing PHP tag and make sure there was nothing after it. If there was something after it, rewrite whatever is after it to kill what was there. After this validation was done, send the user back to the page that the user originally wanted, setting some cookies along the way to make sure this is only done once per page per user per visit. What do you think?
My host (for the time being unnamed), has allowed a malicious customer of theirs to break in to other peoples domains and rewrite some of their files. I am one of the other customers that was affected by this malicious customer.
One of the files rewritten on my domain was the index page of a popular subdomain that I host. The hack was a single line of code (an iFrame) appended to the end of my closing PHP tag (?>). While my host says there is no longer a threat of this type for me to worry about, I want to be able to protect my customers by keeping my code clean. Which leads me to my quetion...
What, in your opinion, is the best way for me to monitor my code and, if there is something different in the code than what I intended to be in there, how would you suggest I clean it?
The floor is open (so to speak), so I will begin with what I was thinking of doing. I thought of writing a function that would redirect the user to another PHP page (a code validation page, if you will) that checked the entire file that sent the user to the code validator. The validator would then open the file, check the length of the file, check to find the closing PHP tag and make sure there was nothing after it. If there was something after it, rewrite whatever is after it to kill what was there. After this validation was done, send the user back to the page that the user originally wanted, setting some cookies along the way to make sure this is only done once per page per user per visit. What do you think?