PHP Malicious Code Scanner

yehlu
Site Admin
Posts: 3245
Joined: 2004-04-15 17:20:21
Location: CodeCharge Support Engineer

PHP Malicious Code Scanner

Post by yehlu »

http://www.mikestowe.com/blog/2010/10/p ... canner.php

https://github.com/mikestowe/Malicious-Code-Scanner

OS Commerce, WordPress, Joomla, Drupal, and custom built sites have all been hacked by the “wonderful” <?php @eval(base64_decode($_GET[q])); ?> hack. By slyly uploading a single PHP file to your server, these hackers gain the ability to push any code, view any source, and retrieve any data. And unfortunately, as hard as we try to prevent such hacks, as long as you use open source code, or for that matter any code, it’s more of a question of when, rather than if.

Thankfully, we as programmers have the ability to fight back, matching the hackers’ ingenuity with innovative techniques of our own. One such way to do this is to use a PHP file in conjunction with a Cron Job to locate this malicious backdoor code. Enter PHP Malicious Code Scanner.

The PHP Malicious Code Scanner was designed specifically for the eval(base64_decode(‘…’)) hack, and quickly scans all files and subdirectories in its parent folder. If it doesn’t locate any malicious code, no worries. But if it does, it quickly sends an email detailing the specific file locations where the malicious, or just downright dangerous code is located.

Special thanks to Er. Rochak Chauhan (http://www.rochakchauhan.com/), as this was based on his idea.


Installing PHP Malicious Code Scanner

PHP Malicious Code Scanner can be installed on any server running PHP 5.

To install PHP Malicious Code Scanner:

1. Download the source and place it in the folder you would like to scan (remember it will scan all subdirectories and files)
2. Make sure you change youremail@example.com to your email
3. Recommended: Set up a Cron Job to run the script automatically
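
The detection idea described in the post, as an added example that is not part of the original post and is not the project's own code: a Python stand-in that walks a folder and reports the lines where eval(base64_decode( appears, tolerating case changes, whitespace and block comments between the tokens. The function names and the sample tree are constructed for illustration, and the e-mail step is left out.

```python
import os
import re
import tempfile

# Optional "@", then eval ( base64_decode ( with whitespace or PHP block
# comments allowed between tokens. PHP function names are case-insensitive.
_GAP = r"(?:\s|/\*.*?\*/)*"
PATTERN = re.compile(
    r"@?\beval" + _GAP + r"\(" + _GAP + r"base64_decode" + _GAP + r"\(",
    re.IGNORECASE | re.DOTALL,
)

def scan_text(text):
    """Return the 1-based line numbers where the pattern starts."""
    return [text.count("\n", 0, m.start()) + 1 for m in PATTERN.finditer(text)]

def scan_tree(root):
    """Walk root (all files, all subdirectories); return {relative_path: [lines]}."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    hits = scan_text(fh.read())
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            if hits:
                findings[os.path.relpath(path, root)] = hits
    return findings

def demo():
    """Build a constructed sample tree in a temp folder and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "uploads"))
        samples = {
            "index.php": "<?php\necho 'hello';\n",
            os.path.join("uploads", "x.php"): "<?php\n@EVAL ( base64_decode ($_GET[q]));\n",
            "lib.php": "<?php\n$d = base64_decode($s);\n",  # benign use, no eval
        }
        for rel, body in samples.items():
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(root)

if __name__ == "__main__":
    for path, lines in sorted(demo().items()):
        print(f"{path}: line(s) {lines}")
```

A match on this pattern only flags a file for review; a backdoor that builds the function names at run time would not be caught by a literal pattern like this one.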