Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Alison Gianotto:
Check User-Submitted URLs for Malware and Phishing in Your Application
Apr 07, 2014 @ 15:01:59

In her latest post Alison Gianotto looks at a few different ways that you can validate any URLs that your users might give you to ensure they're not anything malicious. She looks at two of the major services, the Google SafeBrowsing API and SURBLs, as well as mentioning a few others.

If you write software for the web that allows users to submit or share URLs (comment systems, mail clients, forums, URL shorteners, etc), you may find yourself in a position where you need to filter out malicious links. Fortunately, there are several free options for you to better protect your systems and your users against bad guys, and they’re pretty simple to implement. (My examples are in PHP, but could easily be adapted to whatever language you prefer.)

She starts with an example call to the Google’s SafeBrowsing service, making a curl call and parsing the result. The other service, SURBL, makes use of DNS validation calls complete with code examples. She also talks about Phishtank and VirusTotal as other options. She finishes the post with a few suggestions for working with the rate limit restrictions on these services, including things like only checking on click-through and ensuring failure is handled well.

tagged: malware phishing url validate google safebrowsing surbl tutorial

Link: http://www.snipe.net/2014/04/check-user-submitted-urls-for-malware-and-phishing-in-your-application

Grzegorz Godlewski:
PHP.Kryptik.AB - Give me your FTP!
Nov 20, 2012 @ 20:14:04

Grzegorz Godlewski has written up a post about a piece of PHP-related malware that, if it gets into your application, can render your site inaccessible (not to mention blocked by Google's "safe browsing") - PHP.Kryptik.AB.

One could think a PHP Developer is free from viruses and malware - and be wrong. Meet PHP.Kryptik.AB - the PHP malware. If you already know this bastard - high five! But if you don’t – be prepared! Basically the story starts from a standard computer trojan which (I suppose) attacks popular FTP clients that store FTP login credentials unencrypted. Then it sends fetched informations to a remote host which (by the cover of night) logs into the FTP servers and infects PHP base web-pages by injecting a piece of JavaScript code, that gets executed when a user enters a site.

He describes the injected code, what kind of files the malware looks for when it executes and how you can fix the problem if you've already been infected. There's also a bit about how you can prevent yourself from being infected (including the suggestion of using something like KeePass or 1Password to manage and create harder to crack passwords).

tagged: malware javascript infect phpkryptikab ftp

Link:

PHPMaster.com:
ClamAV as a Validation Filter in Zend Framework
Jan 09, 2012 @ 18:20:48

New on PHPMaster.com there's a tutorial showing you how to use ClamAV support to work as a validation filter in a Zend Framework application. ClamAV is an open source project that helps identify malicious threats like trojeans, viruses and malware.

Ok, so you’re pretty comfortable with using the Zend Framework, specifically the use of Forms. Along with that, you have a good working knowledge of how to combine a host of standard validators [...] but what do you do when a situation arises that's outside the scope of the pre-packaged validators and filters? Let’s say you want to guard against users uploading files that contain viruses, for example. You would have to write a custom validator that checks the uploads aren’t infected.

You'll need to install the ClamAV extension on your loal machine for the feature to work. Once it's there, though, it's as simple as setting up the validator (based on Zend_Validate_Abstract) and calling the "cl_scanfile" method on the uploaded file. Also included is the code for a sample controller with a Zend_Form instance and an upload file field to help prove it's working.

tagged: zendframework validation clamav filter virus malware tutorial

Link:


Trending Topics: