Got A Project???
Over thirty years of experience with hardware, software and networks allows for an educated resolution to problems.
Obviously, on-site is limited to the Baton Rouge area, unless prior arrangements are made.
Boomers Image Verification and File Scan
Description:
After lending a hand to some friends that had their websites hacked... These hacked scripts were hidden in fake image files, and at the time... Nothing
was picking them up... So, I found a need to simplify my life. I wanted to be able to verify all the image files were, in fact, image files.
It is important to note, this isn't a malware scanner. It is a tool to find KNOWN elements in compromised files. Meaning, you probably already
know what you're looking for, but have to find it splattered across all your directories and files.
DOWNLOAD ZIP FILE
Application Docs:
'Select Directory' - Select the location for scanning.
'Start Image Scan' - Verify all files with .jpg, .jpeg, .png, .bmp, .gif, .ico extensions are actually images.
'Remove Selected' - Deletes the selected file in the list. Be careful with this one.
'Edit Selected' - Opens the selected file in notepad, for editing.
'Open Location' - Opens the location of the selected file in the file explorer.
'Search For Text' - Search for specific strings of text.
'Scan For Markers' - Scans the selected directory for common PHP commands used in malicious code:
"base64_decode", "eval", "exec", "shell_exec", "system", "passthru",
"assert", "create_function", "preg_replace", "unserialize",
"fopen", "fwrite", "fread", "file_put_contents", "file_get_contents",
"include", "require", "include_once", "require_once", "move_uploaded_file",
"curl_exec", "curl_multi_exec", "fsockopen", "pfsockopen", "call_user_func",
"call_user_func_array", "${", "$$", "obfuscation"
Warning
Just because the file shows up in the list, doesn't mean it's bad.
For example, if an image file shows up in the list, open it with 'Edit Selected'. If it contains ALL plain text, especially PHP code, there's a good chance that it's bad. If not, it might be a false positive.
If in doubt, open the image in a photo editor and check.
The scan for 'Common Markers' doesn't distinguish between good or bad code... It shows a list of files containing the text...
Point being, use extreme caution...
Keep a copy of your downloaded web files before you start scanning...
If mistakes are made, you can start over.
Don't just start deleting things because they show up in the list...
Always verify before you delete.
If you're not familiar with PHP, then you have been warned...
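As an added example (not the tool's own code, which this page does not show), here is one way to do the image check and the Warning's triage in Python: compare each image-named file's leading bytes with the well-known signature for its extension, then separate all-text files from real images that merely contain a marker. The function names, verdict labels, the 0.9 text threshold and the sample files are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

# Leading signature bytes for the extensions the image scan covers.
SIGNATURES = {
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a"),
    ".bmp": (b"BM",), ".ico": (b"\x00\x00\x01\x00",),
}
# Subset of the marker list above, kept short for the example.
MARKERS = ("base64_decode", "eval", "exec", "shell_exec", "system", "passthru")
PRINTABLE = set(range(32, 127)) | {9, 10, 13}

def inspect(path):
    """Return (verdict, marker_hits) for one file that has an image extension."""
    data = path.read_bytes()
    header_ok = data.startswith(SIGNATURES[path.suffix.lower()])
    text_ratio = sum(b in PRINTABLE for b in data) / len(data) if data else 0.0
    hits = [m for m in MARKERS if m.encode() in data.lower()]
    if not header_ok:
        # Wrong header and nearly all printable text (assumed threshold): the fake-image case.
        return ("suspect-text" if text_ratio > 0.9 else "not-an-image"), hits
    # Real header but a marker matched: binary data can contain these bytes by chance.
    return ("review" if hits else "ok"), hits

def scan(root):
    """Walk root and inspect every file whose extension claims it is an image."""
    results = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in SIGNATURES:
            results[path.relative_to(root).as_posix()] = inspect(path)
    return results

def demo():
    """Scan three constructed sample files written to a temporary directory."""
    samples = {
        "logo.png": b"\x89PNG\r\n\x1a\n" + bytes(range(256)),
        "thumb.jpg": b"<?php eval(base64_decode('constructed-sample')); ?>",
        "icon.ico": b"\x00\x00\x01\x00" + b"\xfe" * 16 + b"system" + b"\xfe" * 16,
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            Path(root, name).write_bytes(data)
        return scan(root)

if __name__ == "__main__":
    for name, (verdict, hits) in sorted(demo().items()):
        print(f"{name}: {verdict} {hits}")
```

A "review" verdict is the false-positive case from the Warning: the file has a real image header, so open it in a photo editor before deciding anything.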