Hello,
What are the dangerous(according to some perspective) function of php like fsockopen() which originate traffic from my site(without my knowing) and knock other site?
How to debug/trace and disable them? What i should look in the script(php) control flow?
I use xdebug? the trace file is huge for a middle weight site?
I want to know the right technique to trace/debug them.
How many function are exist of this type?
thank you.
which originate traffic from my site(without my knowing)
there are none of them.
PHP functions do not run on their own will.
Let me clear you.
how any language can do that if i not coded that!!! so if a coder do that in a script how i trace/debug them.
thanx
You are confusing debugging with finding code vulnerabilities. AFAIK xdebug can not find security issues in code but is used to find errors, analyze resource use, code flow, etc.
The main thing is only get and use code from those you trust. This will help keep malware from causing problems. As for vulnerabilities, that’s not an easy thing. New ones in respected apps are discovered all the time (and hopefully quickly patched).
There is no checklist of “bad” PHP functions. Even “safe” functions can theoretically be used poorly, and the “riskier” functions can be safe as long as they’re used correctly. Think about it. Would any language purposely include a “bad” function? For example unlink() deletes files, you wouldn’t want to write code that let someone delete whatever files they wanted to. Is unlink “bad”? Not at all, as long as you use it wisely with precautions in place. Is eval() bad? It can be, but the bad rap it’s gotten is because some have used it carelessly.
You mention fsockopen() It can be used for both legitimate and nefarious purposes. If you don’t trust the code, don’t use it.