bjames Posted July 27, 2011
Hello all, This is my first question on this forum. I have a friend that is using a PHP open-source content management system (I won't name the CMS because it's irrelevant). There is a hacker that keeps getting into the system via some backdoor. Their attack stems from writing to a particular JavaScript file on which the system relies. Here are my ideas: Is there a way to "hook" into or "override" the file-writing I/O functionality of PHP to log as much detail to another file regarding each read and write that occurs? Hopefully this could possibly tell me which script in the CMS is writing to the file. Is this possible? Is there a better way to accomplish this task? I appreciate all recommendations. Thanks.
xyph Posted July 27, 2011
You'd have to edit the source and compile your own build of PHP. Better way? Wipe your entire site clean. Start fresh with a secure CMS. Sounds harsh? It is, but it's the only way you can be sure you've cleaned out any backdoors the attacker has put in.
pastcow Posted July 27, 2011
A good idea might be to set all PHP files and directories within the webroot to read-only, executable by their owner and group; this way it will be hard for the attacker to add content to the site. Directories that allow file uploads should have the php_engine disabled. You might also want to check through your web logs for any suspicious activity.
MadTechie Posted July 27, 2011
(I won't name the CMS because it's irrelevant). Seems quite relevant to me! APD allows you to override built-in functions by replacing them in the symbol table; that should do the trick. This is just an example:

    // APD (PECL extension): keep the original under a new name, then install a logging replacement
    rename_function('file_put_contents', 'old_file_put_contents');
    override_function('file_put_contents', '$filename,$data', 'return override_file_put_contents($filename,$data);');
    function override_file_put_contents($filename, $data) {
        // logging goes here
        // call the renamed original; calling file_put_contents() here would recurse forever
        return old_file_put_contents($filename, $data);
    }

but it would be a pain. Personally I would find it easier looking for all security holes in the code, as plugging one doesn't really help as there could be lots of holes.
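A way to get the same write logging without APD or a custom PHP build, as an added example that is not from the thread: PHP's stream_wrapper_unregister() and stream_wrapper_register() let userland code replace the built-in file:// wrapper, so every path-based open made by any CMS script passes through a class you control. The class name, the watched path and the log path are assumptions, and only the stream operations shown are delegated; a CMS that also calls mkdir(), unlink(), rename(), flock() or opendir() needs those delegated the same way.

```php
<?php
// Added example: a userland replacement for PHP's built-in "file://" wrapper that logs every
// write to a watched file with the request and PHP call stack behind it. Assumes PHP >= 7.0;
// WATCH and LOG are placeholder paths, not values from the thread.
final class AuditFileWrapper
{
    const WATCH = '/var/www/html/js/site.js';    // placeholder: the file that keeps being rewritten
    const LOG   = '/var/log/php-file-audit.log'; // placeholder: must be writable by the web server user
    public $context;                             // populated by PHP when a stream context is passed
    private $fh;                                 // the real underlying file handle
    public static function install()
    {
        stream_wrapper_unregister('file');
        stream_wrapper_register('file', __CLASS__);
    }
    // Hand "file://" back to PHP for one genuine filesystem call, then re-install this wrapper.
    private static function real(callable $fn)
    {
        stream_wrapper_restore('file');
        try { return $fn(); } finally { self::install(); }
    }
    public function stream_open($path, $mode, $options, &$opened_path)
    {
        $this->fh = self::real(function () use ($path, $mode) { return @fopen($path, $mode); });
        if ($this->fh !== false && strpbrk($mode, 'waxc+') !== false && realpath($path) === self::WATCH) {
            // "Which script is writing?": record every PHP frame that led to this open, plus the request.
            $frames = array_map(function ($f) { return ($f['file'] ?? '?') . ':' . ($f['line'] ?? '?'); },
                debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS));
            $entry = sprintf("%s ip=%s uri=%s mode=%s stack=%s\n", date('c'), $_SERVER['REMOTE_ADDR'] ?? '-',
                $_SERVER['REQUEST_URI'] ?? 'cli', $mode, implode(' <- ', $frames));
            self::real(function () use ($entry) { file_put_contents(self::LOG, $entry, FILE_APPEND | LOCK_EX); });
        }
        return $this->fh !== false;
    }
    // With a real handle in hand, these operate on it directly and never re-enter the wrapper.
    public function stream_read($count) { return fread($this->fh, $count); }
    public function stream_write($data) { return fwrite($this->fh, $data); }
    public function stream_eof()        { return feof($this->fh); }
    public function stream_flush()      { return fflush($this->fh); }
    public function stream_close()      { fclose($this->fh); }
    public function stream_stat()       { return fstat($this->fh); }
    public function stream_tell()       { return ftell($this->fh); }
    public function stream_seek($offset, $whence = SEEK_SET) { return fseek($this->fh, $offset, $whence) === 0; }
    public function stream_set_option($option, $arg1, $arg2) { return false; }
    public function url_stat($path, $flags) { return self::real(function () use ($path) { return @stat($path); }); }
}
// Load it before the CMS (php.ini: auto_prepend_file) so every script's file access is covered.
AuditFileWrapper::install();
```

Each logged line names the PHP file and line that opened the watched file for writing, which is the information needed to locate the backdoored script rather than just its effect.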