finding outbound connections?
Posted: Fri Nov 12, 2010 11:02 am
I'm inheriting a rather large PHP project. It's suspected that it has some "spy" code in it that connects to external sites and/or sends email to an outside source. All of the code is in "raw" PHP; nothing like ionCube was used to lock it up.
We're wanting to find if any such code exists.
Obviously we can grep for 'email' throughout the entire code base (and have) to find any spots that would be sending email (none were found).
We'd like to do the same for terms like file_get_contents and curl* functions, etc, but we want to make sure we have a definitive list of all the functions we should be searching for.
OR - is there a better way? Is there a PHP ini setting we can set that would explicitly tell PHP to not allow outbound connections?
Thanks in advance for any thoughts and feedback!
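The search described in the post, written out as a small scanner. This is an added example, not part of the original post: the function lists are an assumed, non-exhaustive starting set of PHP built-ins, `SAMPLE` is constructed input, and the helper names are hypothetical. It also flags variable-function calls and code-building built-ins, since those are the places a name search cannot see through.

```python
import re
from pathlib import Path

# Assumed, non-exhaustive list of PHP built-ins that can open a network
# connection or send mail; extend it for the extensions your build loads.
NETWORK = ["mail", "mb_send_mail", "curl_init", "curl_exec", "curl_multi_exec",
           "fsockopen", "pfsockopen", "stream_socket_client", "socket_create",
           "socket_connect", "file_get_contents", "fopen", "file", "readfile",
           "copy", "ftp_connect", "ftp_ssl_connect", "imap_open", "get_headers",
           "dns_get_record"]
# Built-ins that can run or build code whose function names never appear as text.
OBFUSCATION = ["eval", "create_function", "base64_decode", "gzinflate",
               "str_rot13", "call_user_func", "call_user_func_array"]

def _calls(names):
    # PHP function names are case-insensitive. The lookbehind skips variables,
    # methods (->, ::) and longer identifiers that merely end in the name.
    return re.compile(r"(?<![\w$>:])(" + "|".join(names) + r")\s*\(", re.I)

PATTERNS = {
    "network": _calls(NETWORK),
    "obfuscation": _calls(OBFUSCATION),
    "dynamic": re.compile(r"(\$[A-Za-z_]\w*)\s*\("),  # variable function: $f(...)
}

def scan_text(text, filename="<string>"):
    """Return (file, line, kind, name) for every call that needs manual review."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, rx in PATTERNS.items():
            hits += [(filename, lineno, kind, m.group(1).lower())
                     for m in rx.finditer(line)]
    return hits

def scan_tree(root, suffixes=(".php", ".inc", ".phtml")):
    """Scan every PHP-like file under root."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            hits += scan_text(path.read_text(errors="replace"), str(path))
    return hits

# Constructed sample input, not taken from any real project.
SAMPLE = '''<?php
$email = $_POST["email"];            // variable name only, not a call
$body  = File_Get_Contents("http://example.invalid/ping?h=" . $host);
$f = "fsock" . "open"; $s = $f("example.invalid", 80);
eval(base64_decode($blob));
$mailer->mail($to);                    // method call, not the built-in
@mail($to, "report", $body);
'''

if __name__ == "__main__":
    for hit in scan_text(SAMPLE, "sample.php"):
        print("%s:%d  %-11s %s" % hit)
```

Hits on `file_get_contents`, `fopen`, `file`, `readfile` and `copy` only matter when the argument can be a URL, so each one needs a look at what is passed in. A `dynamic` or `obfuscation` hit means the name search alone cannot clear that file.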