Aaron Saray:
Anatomy of a PHP Hack
Nov 27, 2017 @ 10:09:55

Aaron Saray has a post to his site sharing the "anatomy of a PHP hack" - the evidence that he found and pulled apart based on a recent hack he experienced.

It’s hard to come up with a title for this - but - basically I found some rogue code the other day that I thought was pretty interesting. I was fixing a “hacked” website when I came across the source of the symptoms of the hack.

He starts with the code he found in the hacked website, which was obfuscated to hide its true intent, and shows how he disassembled it. He walks through the method he used to reverse the code, ultimately ending up with a simple call that runs base64_decode on a value that comes in from a $_POST request.

tagged: hack decode reverse base64 post input

Link: https://aaronsaray.com/2017/anatomy-of-a-php-hack.html

Zend Developer Zone:
A Reverse Debugger for PHP…wait…WHAT?
Nov 16, 2016 @ 11:51:28

On the Zend Developer Zone they have a post talking about an interesting project - a reverse debugger for PHP making it simpler to step forward and backwards through breakpoints in your PHP code (instead of just forward).

Honestly, when I originally tweeted this out I really wasn’t 100% sure what it did. You never know when you see things like “reverse debugger”. It’s one of those “I understand the words separately…” type of things. Then I watched the short video. HO-LY CRAP! Seriously, it is exactly what it says, it allows you to step debug forward AND backwards. Well, almost. You have to record the session first and then you can step forwards and backwards. Still it is a powerful tool.

The project, Don'tBug, hooks directly into any IDE that supports XDebug (just about all of them) making it easy to integrate into your current workflow. You can see it in action in this video over on YouTube.

tagged: reverse debugger language tool dontbug project xdebug

Link: https://devzone.zend.com/7400/reverse-debugger-php-wait/

Jelle Raaijmakers:
Dissecting a spammer’s spam script
Apr 19, 2016 @ 13:48:37

In this post to his site Jelle Raaijmakers dives into a script that's commonly injected into vulnerable sites and used by spammers to send messages without the knowledge of the site owner.

Let’s take a look at a PHP script used to send spam. These types of scripts run on servers all over the world and might give you some insight into a spammer’s dedication to annoy the hell out of you. Spammers abuse known flaws in unsecured websites and applications to break into a server and install scripts that are able to send loads of spam.

[...] Everyone running a mildly popular WordPress site knows that exploits can be really easily introduced by installing plugins from a less than reputable source – or by not keeping your plugins up to date. Sometimes, a zero-day exploit for a popular WordPress plugin becomes known and thousands of installations worldwide are infected at once.

He then goes through a script he found in an infected WordPress instance of his own on a shared hosting provider. He talks about what these kinds of scripts usually look like (an encoded eval injected into current scripts) and the process he followed to dissect it:

  • Step 1: determine method of obfuscation
  • Step 2: introduce newlines
  • Step 3: replace the $j10 values
  • Step 4: concatenate constant strings
  • Step 5: replace function invocations
  • Step 6: prettify the PHP code
  • Step 7: remove default $j10 argument
  • Step 8: decode the $pate payload
  • Step 9: replace $_POST references
  • Step 10: map function and variable names

It's not a super simple process, but in the end he's left with the complete PHP script that loads a remotely defined configuration, tries to send the emails and even retries if there's a failure. He includes a few noteworthy things about the script, including SMTP connection auto-detection and DNS lookups over UDP.

tagged: spammer script dissection reverse engineer email spam security

Link: https://jelleraaijmakers.nl/2016/04/dissecting-spammers-spam-script

Edd Mann:
Reversing a Unicode String in PHP using UTF-16BE/LE
May 12, 2014 @ 10:55:00

Edd Mann looks at an issue in his latest post that caused him problems in a recent project, reversing a Unicode string with UTF-16BE/LE.

Last week I was bit by the Unicode encoding issue when trying to naively manipulate a user's input using PHP's built-in string functions. PHP simply assumes that all characters are a single byte (octet) and the provided functions use this assumption when processing a string. [...] You should be aware that in 'Western Europe' we commonly only use the basic ASCII character-set (consisting of 7 bytes). This makes the transition to the popular 'UTF-8' Unicode representation almost seamless, as the two map one-to-one. I wish to however, discuss how to reverse a Unicode string (UTF-8) using a combination of endianness magic and the 'strrev' function.

He provides two different approaches to the problem. The first he calls the "naive" approach because it corrupts characters needing more than the two-byte representation. His second solution, the "endianness" method, converts the string to big-endian first (UTF-16) and then back to UTF-8 for more correct handling.

tagged: unicode string utf8 utf16 bigendian endian convert reverse string

Link: http://eddmann.com/posts/reversing-a-unicode-string-in-php-using-utf-16-be-le

Getting Started with Varnish
Jan 22, 2013 @ 10:37:17

On PHPMaster.com today there's a new tutorial that can help you increase the performance of your application relatively painlessly with the help of the Varnish proxy tool. The article helps you get started.

Varnish is a reverse proxy server; it sits in front of your web server and serves content from your server and no one else’s. Reverse proxy servers are tightly coupled to the web server and can act on messages received from it. [...] Simply put, Varnish does one thing: serve web content super fast.

You'll need command line access to the machine (as well as permissions to install the software) but getting it installed is a simple "apt-get" away. There's a bit of configuration to set up to get it up and working, but it's only a few lines...and examples are included in the tutorial. They get into some of the more advanced configuration options too, like the time-to-live and changing the port it listens on. Varnish isn't just for PHP applications either - it can be used effectively for any kind of web application as it's just a proxy layer that sits on top and waits for requests.

tagged: varnish tutorial application cache reverse proxy


Zend PHP Certification Blog:
PHP Sorting Functions
Dec 21, 2011 @ 11:39:06

On the "Zend PHP Certification" blog (study notes), there's sort and natsort).

In all the countless hours I’ve spent with php, I’ve maybe used three or four of these sorting functions. I really had no idea that there is a total of eleven functions used for sorting arrays. Anyway, I’m betting that it may be useful to have these memorized before I take the Zend PHP Certification Exam so here is a brief overview of each one.

He talks about the various flags that can be used in the sorting (for regular, numeric, string and locale-based string handling) and the parameters to call for normal sorting, "natural" sorting, reverse key sorting and others. You can find specifics on these array sorting methods in the PHP manual.

tagged: sorting function array natural reverse key user


Matt Curry's Blog:
8 Ways to Speed Up CakePHP Apps
Mar 18, 2009 @ 10:23:26

Matt Curry has a new post to his blog listing a few ways that you can help get the most out of your CakePHP application's performance.

It's a not so well kept secret that CakePHP is slow. What isn't well known is that this is done by design. I could get in a lot of trouble by revealing this, but I'm willing to take that risk. [...] Every time you use one of the tips in this article it's one less gold chain on the neck of a Cake developer.

Here's his list of eight tips:

  • Set Debug to 0
  • Cache your slow queries/web service requests/whatever
  • View Caching
  • HTML Caching
  • APC (or some other opcode cache)
  • Persistent Models
  • Store The Persistent Cache in APC
  • Speed Up Reverse Routing

Some of the tips are CakePHP specific, but several of them (the caching) can be useful no matter what sort of application you're using - framework or not.

tagged: eight speed cakephp framework cache apc model debug reverse routing


Debuggable Blog:
How To Save Half A Second On Every CakePHP Request
Feb 27, 2009 @ 12:09:51

CakePHP users might want to listen to this suggestion from Tim Koschutzki on the Debuggable blog - he wants to help you save a half second on each request.

There are several ways to improve the performance of your CakePHP application. [...] Any performance improvement that does not affect how data is retrieved, stored and cached is welcome. If it affects your entire site and not only parts of it, it's all the better.

The performance boost comes in the form of an update to CakePHP's reverse route lookup functionality. Normally a lookup would have to be parsed and resolved back to its original location. They figured out a slightly faster way around it, though: breaking the reverse routing feature for the sake of speed. The code for the hack is included in the post.

tagged: half second request performance cakephp framework reverse route lookup


Brian Snugg's Blog:
Reverse Proxy in PHP5
Dec 11, 2008 @ 11:14:03

Brian Snugg has two new posts relating to his script for a reverse proxy in PHP5. The first lays the foundation, the second makes some updates to make it a bit more efficient.

So I have been working on a little class to run a reverse proxy from PHP using cURL. I have extended this class for my own purposes (single-sign-on) to handle some special request parameters, but here it is. It has some warts, but it's a good starting point.

He creates the ProxyHandler class in the first post and in the second updates the script to pass a more correct version of the headers to the proxy server to get a better response back.

tagged: reverse proxy php5 tutorial curl header


Nick Halstead's Blog:
Reverse Polish Notation in PHP
Aug 06, 2007 @ 16:56:00

As a follow up to a previous post where he discussed reverse polish notation, Nick Halstead has decided to split off the code he created for that previous post into a new, sleeker post without much of the explanation and heavy on the code.

My last post about back to basics covered reverse polish notation including a link to a RPN parser which I wrote to allow people to learn by example (best way in my opinion and in yours). The post got quite long and the PHP code was not really relevant to the subject so I have decided to include in this separate post instead.

There are two parts to the post: a pseudo-code explanation that gives an overview of how things work, and the actual code, a block (in the 30 line area) that runs through each item and, based on a token, pushes the value into the array differently.

tagged: polish notation reverse pseudocode