myPHPscripts Injection Scanner

Developed by Scott J. LeCompte from myPHPscripts.net

Introduction

Thanks for downloading myPHPscripts Injection Scanner! This file contains all the information you need to successfully install and configure the script for your website.

myPHPscripts Injection Scanner is a simple php script designed to:

• Parse URL query strings
• Detect malicious code
• Log data about offenders
• Log data about malicious code
• Notify the webmaster of injection attempts
• Inform the offender of the logged offense
• Ban the offender from all protected pages

Hardware & Software Requirements

The script was developed and tested under the following environment:

• Operating System: Linux
• Web Server: Apache 2.2.6
• PHP Version: 5.2.5
• MySQL Version: 5.0.45

Included Files & Folders

The zip file includes the following:

• /whois/ - phpWhois is a php class for whois lookups.
• exploits.txt - A list of known character strings used in remote execution exploits. The default list is a contribution from Armatec.
• install.php - The base installer. This file will install and configure the script.
• license.txt - The GNU General Public License
• scan.php - The entire working code is in this file. It contains the base scanner, HTML output, and administration panel.
• readme.html - You are reading this file right now.
• .htaccess - Secures the configuration file and installation directory, and rewrites the admin panel URL. Empty by default.
• config.php - Contains all the configuration data for the script. Empty by default.

Installation

Follow these steps to install and configure the script for your website. These instructions apply to novice users. Advanced users may want to make changes.

1. Unzip the file.
2. Upload the contents of the injection_scanner directory to a directory of your choice on your webserver.
3. Change the permissions of the .htaccess and config.php files to CHMOD 777.
4. Create an empty MySQL database and write down the name, user, and password.
5. Visit the URL to the install.php file. It should be something like: http://www.yoursite.com/injection_scanner/install.php.
6. Fill out the form, write down the value in the Absolute Path form field, and click the install button. You should not need to change the Exploit List or Absolute Path.
7. Edit the source code for the page you want to protect. On the first line of the source code, insert the following code. Remember to replace /absolute/path/to/ with the absolute path you wrote down in step 6.
   
   <?php include('/absolute/path/to/scan.php'); ?>
8. Make sure the extension of the file you are protecting is .php. If not, change it.
9. Visit the protected page and add the query string ?cmd= to the end of the filename. If your IP address is banned or logged, the script is working.
10. Visit the URL to the admin login page. It should be something like: http://www.yoursite.com/injection_scanner/admin/. Log in and delete the entry containing your IP address.