Mar 16 2015
Screenshot of psecio-parse scan

I used RIPS for many years to help with auditing source code. Let's face it, anytime you can automate a mundane task such as source code auditing, you free up time for other things to be done... if you have ever stared at source code for 14+ hours straight, reading line by line by line, you know how well automation helps save your vision.

Anyways, today I found a new project on GitHub and wanted to document how I set it up. One thing to keep in mind is that this is a relatively new project, and with any new project of this size and scope we can generally expect a few things: lots of development changes and false positives. Even with this being known, I still love the direction the project is already moving... so let's begin.


Nov 18 2013

OpenX has been a pain in my ass for some time now (5 years). Even if you have the latest, most up-to-date software release, you will still get append and prepend infections. I’m not sure if it comes from client browsers when they log in or some other reason. What I can assure you is that the file system in which OpenX resides is as secure as it can be while leaving OpenX functional: all files are owned by a different user than the web server process and are only readable by the web server; all directories, except two, are also owned by a different process than the web server and are read-only, while two have to be writable by the web server process; and the LAMP stack is also up to date. Anyways, even with these restrictions, clean code, a clean db, limited plugins, and even having checked the metadata of all image files for backdoors (I first learned about this technique in approx 2010, but here is an article from 2011 detailing this – PHP Code into JPEG Metadata: From hide to unhide), we still get an occasional append/prepend infection.

How to stop it? This is pretty easy: I simply wrote a script that checks for append/prepend problems, logs if clean, logs and alerts if infected, and also disinfects. This only works if append and prepend are NOT being used in your ads.


Apr 11 2012

When I reviewed memcached previously, I got faster performance with wp-cache than memcached... but that was about 16 months ago. So I decided to give it another run for the money on a few sites. The installation is pretty simple, especially since I scripted most of it for you...


Jan 18 2012


I usually don’t disable Apache, PHP, or nginx headers because to me that is just security through obscurity.

My thoughts are these:

  1. If someone doesn’t know what version of software you are running and they decide to hack your domain or server, they will simply throw every public exploit that exists for said product at it, or even simply “fingerprint” it for the correct version.
  2. It makes my life easier because I can also query for those headers if for some reason I don’t remember the version of software (which saves me from logging in to the server or using other methods that might take longer – efficiency is key!).
  3. Skiddies are going to throw everything at it anyways.

On the flip side...
