###################### chk4needle #######################
#### ####
#### Author : Paul Soltermann, ####
#### eMail : ps@g2p.ch web: www.g2p.ch/myRGi/ ####
#### Date : 2017-05-12 ####
#### Updated: ####
#### ####
#########################################################
readme for chk4needle
Preamble
I was shocked the first time a PHP file was moved to quarantine by my AV software shortly after I downloaded it from the ISP server to my local Windows system.
I found the cause and corrected it immediately ...
Later I received a strange error message about an e-mail that could not be delivered to its destination. An e-mail and a destination I had never heard of.
I reacted sensitively this time and checked the log file on my ISP server. The result was shocking: someone with an IP address pointing to an ISP in St. Petersburg had accessed a program in my library which had been inactive for a long time ... accessed it not just once but many times in one day.
We have to be careful with e-mails sent unintentionally by our own server; we can be held responsible, even when we didn't know anything about it.
The legend that there is no virus danger on Linux systems was completely broken, and I needed to find a solution for:
1. Change the passwords on the MySQL server and for FTP access
2. Determine the size of the damage (affected programs)
3. Remove unused and outdated programs.
4. Rework active programs.
5. Keep a clean local and online library
In order to cover points 2 to 5 I have created a little utility that can run on the web server, local or online, and I hope it will also be useful for others: chk4needle.php as an example of how to use findneedle.php
Installation on Linux webserver
create a directory somewhere in your directory tree which is accessible to the webserver
you may start with a check on your local webserver
/var/www/html/tools/check/ or similar
download needle.zip
extract the downloaded file in this new directory
following files should be present:
x chk4needle.php (example)
x findneedle.php (class file)
x heaps.jpg
x favicon.jpg
x needle_(01,02,03,04).jpg
make sure directory is readable for webuser
open chk4needle.php in FF webbrowser.
Operating
open ../tools/check/chk4needle.php
edit the entries for:
x needle (see the most dangerous needle in needle_01.jpg)
x base directory , for me it is:
/var/www/
/var/www/html/programme/
etc as example for local server
or
/home/httpd/vhosts/g2p.ch/httpdocs/myRGi/
as example for ISP server
x text file type: choose php or txt, or enter another text file type in the program code.
hit "go" then "show sresults" (see needle_02.jpg)
and watch "show scanned directories" (see needle_03.jpg)
a hint for removing unused and outdated programs (see needle_04.jpg)
Other uses
Search and check for outdated php functions such as "split" in your program library
Enter 'split' in the needle field in this case.
future steps
x run the utility as a cronjob with an e-mail announcement in case of existing events.
x exclude list for friendly needles
x write results to a logfile
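
An added sketch of how the three future steps could fit together as a PHP 7+ command-line script started by cron. It is not the project's findneedle.php and does not use its class; the function name, the sample files and the log path are assumptions made for this example, and the needle is the 'split' case from "Other uses".

```php
<?php
// Added example; not the project's findneedle.php. All names are hypothetical.
function scan_for_needle(string $baseDir, string $needle, string $ext = 'php', array $friendly = []): array
{
    $hits = [];
    $tree = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($baseDir, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::LEAVES_ONLY,
        RecursiveIteratorIterator::CATCH_GET_CHILD // skip unreadable directories
    );
    foreach ($tree as $file) {
        if (!$file->isFile() || strcasecmp($file->getExtension(), $ext) !== 0) {
            continue; // only the chosen text file type
        }
        $path = $file->getPathname();
        foreach ($friendly as $known) {
            if (strpos($path, $known) !== false) {
                continue 2; // file is on the exclude list
            }
        }
        $lines = @file($path, FILE_IGNORE_NEW_LINES);
        if ($lines === false) {
            continue; // unreadable file
        }
        foreach ($lines as $i => $line) {
            if (stripos($line, $needle) !== false) { // PHP function names are case-insensitive
                $hits[$path][] = $i + 1;
            }
        }
    }
    ksort($hits);
    return $hits;
}

// Constructed sample tree, so the script runs without a real library.
$base = sys_get_temp_dir() . '/needle_demo_' . getmypid();
mkdir("$base/old", 0700, true);
mkdir("$base/lib", 0700, true);
file_put_contents("$base/index.php", "<?php\n\$p = explode(',', \$s);\n");
file_put_contents("$base/old/legacy.php", "<?php\n\$p = split(',', \$s);\n");
file_put_contents("$base/old/notes.txt", "split( in a txt file is ignored when scanning php\n");
file_put_contents("$base/lib/textutil.php", "<?php\n\$w = preg_split('/ /', \$s);\n");

$hits = scan_for_needle($base, 'split(', 'php', ['lib/textutil.php']);
foreach ($hits as $path => $lineNos) {
    $entry = sprintf("%s needle=split( file=%s lines=%s\n", date('c'), $path, implode(',', $lineNos));
    file_put_contents("$base/needle.log", $entry, FILE_APPEND); // write results to a logfile
    echo $entry; // cron mails a job's output, so a mail is sent only when there are hits
}
```

A plain substring needle such as 'split(' also matches preg_split( and str_split(, which is why the sample puts lib/textutil.php on the exclude list; check each hit before removing or reworking a file.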