Thursday 6 December 2012

The PHP Developer’s Nemesis


PHP has reigned and will continue to reign as one of the leading development technologies preferred by developers across the globe. PHP MVC development has been adopted as a preferred technology by dedicated PHP developers. The sheer simplicity of coding and the amount of flexibility that this technology offers make it an appealing prospect for companies offering offshore software development services. Until now, it was thought that code developed in PHP for web applications was safe from virus, malware and Trojan attacks. It is time to rethink that belief!

PHP.Kryptik.AB is a new piece of malware that has been doing the rounds of the web and sneaking into unsuspecting FTP clients. The chink in the armor that this Trojan exploits is the habit some FTP clients have of storing FTP login credentials without encryption. The fetched credentials are sent to a remote host, which accesses the FTP servers and begins to attack PHP-based web pages by inserting a JavaScript code snippet that is triggered whenever a user reaches the website. Among the problems this causes, serious ones include download failures on Mozilla Firefox browsers, rendering the website useless via a connection reset. Another headache is the website's automatic addition to Google’s Safe Browsing list as a website “Containing Malicious Software”. The danger lies in the fact that this Trojan affects all the known files under the FTP directory. Luckily, this issue is not beyond repair and can be solved:
  • Change the password for your FTP account, especially if your hosting provider uses the same password for control panel access as well.
  • Modify, edit and overwrite each file that has been infected. Do not trust the update mechanisms provided by your vendor, as they may not be able to do a complete overwrite.
  • Run a purging script if available on the server. If not, download all the files and run the scripts locally.
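
Before overwriting or purging, it helps to know exactly which files were touched. The following is an added example, not a script from this post or from any vendor: it compares a downloaded copy of the site against a known-clean backup and lists the `<script>` blocks that appear only in the downloaded copy. The directory arguments, the list of file suffixes and the function names are assumptions.

```python
"""Compare a downloaded copy of a site with a known-clean backup and report
files that gained <script> blocks. Added example; names are assumptions."""
import hashlib
import re
from pathlib import Path

SCRIPT_RE = re.compile(r"<script\b.*?</script\s*>", re.IGNORECASE | re.DOTALL)
WEB_SUFFIXES = {".php", ".html", ".htm", ".js", ".tpl"}  # assumed file types


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def added_scripts(clean_text: str, suspect_text: str) -> list[str]:
    """Return <script> blocks present in the suspect text but not the clean one."""
    known = set(SCRIPT_RE.findall(clean_text))
    return [s for s in SCRIPT_RE.findall(suspect_text) if s not in known]


def audit(site_dir: str, backup_dir: str) -> dict[str, list[str]]:
    """Map each changed or unknown web file (relative path) to its new script blocks.

    Files absent from the backup are reported too, with every script block
    they contain, because stolen FTP credentials also allow uploads.
    A changed file with an empty list still differs from the backup.
    """
    site, backup = Path(site_dir), Path(backup_dir)
    findings: dict[str, list[str]] = {}
    for path in sorted(site.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in WEB_SUFFIXES:
            continue
        rel = path.relative_to(site)
        original = backup / rel
        if original.is_file() and sha256_of(original) == sha256_of(path):
            continue  # byte-identical to the clean copy
        clean = original.read_text(errors="replace") if original.is_file() else ""
        findings[rel.as_posix()] = added_scripts(clean, path.read_text(errors="replace"))
    return findings


if __name__ == "__main__":
    import sys
    for name, scripts in audit(sys.argv[1], sys.argv[2]).items():
        print(f"{name}: {len(scripts)} new <script> block(s)")
```

Run it as `python audit.py downloaded_site clean_backup`; every file it lists should be overwritten from the clean copy rather than edited by hand.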
The ways to prevent this kind of infection are using antivirus protection, selecting trusted sources for downloading software and killing the habit of storing FTP login credentials on the server.

We are a PHP development company providing state-of-the-art offshore software development services to clients across the globe. Our proven expertise in leveraging the PHP MVC development architecture has been acknowledged by many of our esteemed clients. We also provide dedicated PHP developers for hire.
