PHP Malicious Code Scanner
OS Commerce, WordPress, Joomla, Drupal, and custom built sites have all been hacked by the “wonderful” <?php @eval(base64_decode($_GET[q])); ?> hack. By slyly uploading a single php file to your server, these hackers gain the ability to push any code, view any source, and retrieve any data. And unfortunately, as hard as we try to prevent such hacks, as long as you use open source code, or for that manner any code, it’s more of a question of when, rather than if.
Thankfully, we as programmers have the ability to fight back, matching the hackers ingenius with innovative techniques of our own. One such way to do this is to use a PHP file in conjunction with a Cron Job to locate this malicious backdoor code. Enter PHP Malicious Code Scanner.
The PHP Malicious Code Scanner was designed specifically for the eval(base64_decode(‘…’)) hack, and quickly scans all files and subdirectories in its parent folder. If it doesn’t locate any malicious code, no worries. But if it does, it quickly sends an email detailing the specific file locations where the malicious, or just downright dangerous code is located.
Installing PHP Malicious Code Scanner
PHP Malicious Code Scanner can be installed on any server running PHP 5.
- Download the source and place it in the folder you would like to scan (remember it will scan all subdirectories and files)
- Make sure you change firstname.lastname@example.org to your email
- Recommended: Setup a Cron Job to run the script automatically – Help
- No known bugs at this time