PHP script to check files for malicious scanner

Hi,

How can I check for malicious code or SQL injection with a PHP script, without checking source files one by one? Actually, I have thousands of files to look through, so I would like to develop a PHP script for this. How can I do this?

-Thanks

Check out Pixy.

Pixy is a Java program that performs automatic scans of PHP 4 source code, aimed at the detection of XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input, and creates a report that lists possible vulnerable points in the program, together with additional information for understanding the vulnerability.
For more information, take a look at our documentation page!

Thanks, however this is in Java. Is there anything like this in PHP?

I’m pretty sure Pixy is supposed to be run on the client (i.e. your local computer). Probably developed in Java to be a cross-platform application. So, you would have to download the website files and then run Pixy on those files.

However, it probably doesn’t locate existing malicious code. This is where I would take a recent backup, download the current website files to another directory, and then use a directory/file comparison tool to scan and compare both directory sets. I use Beyond Compare 3 Pro, but that costs money (but it is a really fantastic diff tool worth every penny). There are free diff tools but the best free one I tried was something for Linux (pretty sure it was Kompare). I’m assuming your website got hacked or you wouldn’t be asking questions like this in the first place.

Alternatively, if you know roughly what date you got hacked, you can write a PHP script that scans the directory tree looking for all the files added or modified since a certain date. Then you only have to look at a handful of files instead of thousands.

Then, once you’ve fixed the issue (whatever it is) and closed the loophole(s), you can set up a tool like WebCron Site Backup:

Use the reporting feature (generates a report and sends it via e-mail) and not have to worry so much about getting hacked again. Takes five seconds per day to review the e-mail IF any changes occurred. We web developers live and learn…usually the hard way.
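The two approaches suggested in the last reply (listing files changed since a given date, and comparing the live tree against a backup) can be combined in one command-line PHP script. This is an added example, not code posted by anyone in the thread; the script name and argument order are assumptions.

```php
<?php
// Added example, not from the thread. Script name and arguments are hypothetical:
//   php find_changes.php <site_dir> <YYYY-MM-DD> [backup_dir]
declare(strict_types=1);

/** Return [relative path => full path] for every regular file under $root. */
function listFiles(string $root): array
{
    $root = rtrim($root, '/\\');
    $files = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $info) {
        if ($info->isFile()) {
            $files[substr($info->getPathname(), strlen($root) + 1)] = $info->getPathname();
        }
    }
    return $files;
}

if ($argc < 3 || ($cutoff = strtotime($argv[2])) === false) {
    fwrite(STDERR, "usage: php {$argv[0]} <site_dir> <YYYY-MM-DD> [backup_dir]\n");
    exit(1);
}
$site = listFiles($argv[1]);

// 1) Files touched on or after the cutoff date. mtime can be reset by whoever
//    changed the file, so ctime (inode change time on Unix) is checked as well.
foreach ($site as $rel => $path) {
    $latest = max(filemtime($path), filectime($path));
    if ($latest >= $cutoff) {
        printf("CHANGED  %s  %s\n", date('Y-m-d H:i', $latest), $rel);
    }
}

// 2) Optional: compare content hashes with a known-good backup. This does not
//    depend on timestamps at all, so it also catches back-dated files.
if (isset($argv[3])) {
    $backup = listFiles($argv[3]);
    foreach ($site as $rel => $path) {
        if (!isset($backup[$rel])) {
            echo "ADDED    $rel\n";
        } elseif (hash_file('sha256', $path) !== hash_file('sha256', $backup[$rel])) {
            echo "MODIFIED $rel\n";
        }
    }
    foreach (array_keys(array_diff_key($backup, $site)) as $rel) {
        echo "REMOVED  $rel\n";
    }
}
```

Run it against a downloaded copy of the site rather than on the live server, so that the script itself cannot be tampered with by whatever modified the files.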