News Archive

Greg Freeman:
Steps to Take When you Know your PHP Site has been Hacked
March 07, 2013 @ 09:53:02

Greg Freeman has posted the second part of his "hacked PHP application" series (part one is here). In this new post he looks at the aftermath - what to do and what to check during cleanup, and the fixes to make so it doesn't happen again.

This is a follow up post from my previous post "How to Tell if Your PHP Site has been Hacked or Compromised". This post will discuss some of the first steps you should take when you have identified that your site has been compromised. The first sections discuss a few points that are not relevant to everyone, the later sections will discuss how to fix the exploits.

He includes a list of things to think about including:

  • What kind of hosting you use (and if that contributed)
  • The option to redirect all requests for your site to one page
  • Get a list of all PHP files to locate something malicious
  • Locating "non-PHP PHP files"
  • Finding files with possible malicious content

He also includes a few suggestions to help prevent issues in the future - updating to the latest versions, patching your code, rethinking your permissions and monitoring for potential repeat attacks.

hack compromise steps correction fix upgrade exploit


Greg Freeman:
How to Tell if Your PHP Site has been Hacked or Compromised
March 05, 2013 @ 12:54:14

In this recent post to his site Greg Freeman shares some things to check for when you think your PHP site (any kind, even something like WordPress) might have been compromised.

A friend of mine recently had their site compromised, they were running an older version of IP.Board that is vulnerable to a local file inclusion vulnerability. This post won't be about IP.Board or any specific php code, it will show you how to locate potential malicious php code hosted on your servers and how to fix it. Finally I will give a brief explanation on what attackers are uploading to compromised sites.

Among the things he recommends are tips like:

  • Check your Access Logs
  • Finding Recently Modified PHP Files
  • Finding obfuscated code
  • Always search your writable upload directories for executable code
  • Check .htaccess Files if you use Apache

You can find the descriptions for each of these (and some others to watch out for) in the full post.

hack compromise checklist malicious code


Robert Basic's Blog:
A hack for Zend Framework's translated route segments
April 15, 2011 @ 09:17:40

Robert Basic has put together a new post to his blog about a hack he found for the Zend Framework's translated route segments after a "gotcha" popped up while he was trying to use them in a multi-language website.

The web site's default locale, language, is English. If the user has no locale in the session/cookie, she, or he, will get the English version of the web site. [...] But! If the user's first visit is on the http://example.com/vesti URL ("vesti" is "news" in Serbian), the router can't route that because it depends on the locale and the default locale is English and not Serbian, thus directing the user to the 404 page.

To get around this issue he created a front controller plugin that fires in the postDispatch hook to change the locale manually if the current request's locale isn't found to be English. It then redirects the user to the correct location for the new language and things proceed normally.

zendframework hack multilanguage route segment issue


Web Builder Zone:
5 features of PHP that seem hacks, but save your life
November 02, 2010 @ 08:40:00

On the Web Builder Zone today there's a new article that talks about five things that, while they may seem like hacks in your development, might come in very handy in the right situations.

Ilia is one of the people that get his hands dirty in the PHP core, and PHP has indeed many overlooked features. [...] However, thinking about this load of features inspired me to write this article: I'll include here 5 features that at first seem a hack, but can save your life while coding in PHP. In fact, you probably use or will use them every day without noticing.

His list of five is made up of the access our scripts have to private properties via Reflection, using eval, the __DIR__ constant, the fact that a closing "?>" isn't needed and the fact that PHP has "__sleep()".

hack feature language useful overlooked


Cats Who Code:
10 useful new WordPress hacks
September 28, 2010 @ 09:11:49

The Cats Who Code blog has some handy WordPress tips for those out there using the popular software to power their sites. These ten tips cover a wide range of subjects, so hopefully you'll find one of use to you in the list.

WordPress is the platform of choice for most bloggers, and WordPress hacks is one of the most popular topics on CatsWhoCode. This is why I've decided to compile 10 new and extremely useful hacks for WordPress.

Here's their list of ten - most include code snippets you can cut and paste into your existing site for easy use.

  • Remove comments autolinks
  • Automatically notify your users of new posts
  • Twitter style "time ago" dates
  • Display post thumbnail in your RSS feed
  • Block external requests
  • Easy debug mode
  • Use WordPress shortcode in theme files
  • Allow upload of more file types
  • Google Docs PDF viewer shortcode
  • Detect the visitor browser within WordPress
wordpress hack tip platform


Security Musings:
PHP Please Hack Pal.
July 16, 2010 @ 11:44:47

On the Security Musings blog today there's a new post from Anurag that walks you through the process, step-by-step, of how he exploited an image gallery written in PHP (including the tools he used).

I always read, PHP applications are a security guy's nightmare. Always thought why, Coming from a world of packets and frames code made lesser sense. Until I stumbled upon this application. The application was an Image gallery, with a lot of nice cool pics and an option to share and upload pics. This was a PHP application. Oh, it was fun! I thought of playing with it. As soon as I checked the Image upload option, the security freak in me took over.

Using tools like BURP, Extplorer and Fgdump he was able to find a hole that let him upload whatever he wanted, and with it get full access to the machine and the Windows admin password.

hack windows server process tools


Alison Gianotto's Blog:
When Your Wordpress Blog Gets Hacked
January 25, 2010 @ 14:59:53

WordPress users, listen up: Alison Gianotto has a few suggestions for what to do when your WordPress blog gets hacked (and what you might prepare for ahead of time).

It happens to most bloggers at some point - your Wordpress blog gets pwned, and you're not sure where to even start. [...] This article will deal with how to restore your Wordpress install, and perhaps more importantly, where to look to try to determine the nature of the attack so that you can make sure it won't happen again.

She talks about what kind of impact a hack could entail - lost time spent restoring, site downtime, etc - and a few things you can do to help minimize these problems:

  • Keep Wordpress and Plugins Up to Date
  • Ask Your Web Host Where Your Log Files Live
  • Backup, Backup and Backup again
  • Early Detection Equals Better Reputation Damage Control

She also talks about what to do in the aftermath - finding out exactly what happened, disabling all incoming traffic, checking modification dates and recording the information. Only then should you restore from backups and keep an eye on the logs for anything suspicious.

wordpress blog hack recommendation


NETTUTS.com:
6 CodeIgniter Hacks for the Masters
December 30, 2009 @ 09:15:33

On the NETTUTS.com site today there's a new tutorial with a few tips (six of them) for CodeIgniter sites to give them a bit of extra performance.

CodeIgniter is a simple and powerful open source web application framework for PHP. Today, we'll do some core "hacks" to this framework to change and improve its functionality. In the process, you'll gain a better understanding of the intricacies of CodeIgniter.

Their six tips, while not the most ideal for production systems (at least not until tested on a development site), can help out your application in a few different ways. Here's their list:

  • Autoloading Models PHP 5 Style
  • Prevent Model-Controller Name Collision
  • Form Validation for Unique Values
  • Running CodeIgniter from the Command Line
  • Adding Doctrine ORM to CodeIgniter
  • Running Multiple Sites
codeigniter hack tip


CatsWhoCode.com:
10 WordPress dashboard hacks
December 29, 2009 @ 10:11:40

From the CatsWhoCode.com blog there's a new list of ten things you can do to help improve the performance and add extra functionality to your WordPress installation's dashboard.

The dashboard is a very important part of a WordPress blog. In fact, it allows you to control your posts, your blog design, and many more things. When building a site for a client, it is especially important to be able to control WP's dashboard. In this article, let's have a look at 10 extremely useful hacks for WordPress' dashboard.

Some of their hacks include:

  • Remove dashboard menus
  • Replace dashboard logo with yours
  • Disable the "please upgrade now" message
  • Add custom widgets to WordPress dashboard
  • Provide help messages
wordpress dashboard hack


CatsWhoCode.com:
Top WordPress hacks of 2009
December 22, 2009 @ 21:23:47

On the CatsWhoCode.com blog there's their list of top "hacks" for WordPress that can add that little extra boost your site might be needing.

2009 has been a very prolific year for WordPress hacks. In this article, I'll show you the most useful hacks I came across during the whole year. Enjoy!

Some of the suggestions include:

  • Monetizing your old blog posts
  • Detect the visitor browser within WordPress
  • Get short urls for social bookmarking
  • Use SSL on wp-admin directory
  • Post on your WordPress blog using PHP
wordpress hack tip




All content copyright, 2013 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework