pre-screening pages before served?

Hi everyone,

Is it possible to have the system pre-screen a page before it is sent
to a user? What I mean is, if someone requests index.php could I have
a script scan the file before I serves it? The reason I ask is this
way I could check for patterns on the script to make sure the page
hasn't been tampered with live, so to speak.

Chris

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: pre-screening pages before served?

Chris Payne wrote:

> Hi everyone,
>=20
> Is it possible to have the system pre-screen a page before it is sent=

> to a user? What I mean is, if someone requests index.php could I hav=
e
> a script scan the file before I serves it? =20

Yes, apache has an output filter that can be set up as the last stage
just before serving a page.=20


/Per

--=20
Per Jessen, Zürich (19.8°C)


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: pre-screening pages before served?

On Mon, Jul 20, 2009 at 12:30 PM, Per Jessen wrote:
> Chris Payne wrote:
>
>> Hi everyone,
>>
>> Is it possible to have the system pre-screen a page before it is sent
>> to a user? =A0What I mean is, if someone requests index.php could I have
>> a script scan the file before I serves it?
>
> Yes, apache has an output filter that can be set up as the last stage
> just before serving a page.
>
>
> /Per
>
> --
> Per Jessen, Zürich (19.8°C)

Thank you, i'll look into that this evening as it would solve some
problems i've had. I want my system to check local copies of a page
against a cache I have of the same page and if they are different it
won't serve the page and will automatically send me a copy of the page
via email and restore it to what it should be. A way of protecting
against attacks. Just 1 stage but I want to be pro-active and always
be ontop of things.

Chris

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: pre-screening pages before served?

=20

> -----Original Message-----
> From: oxygenet32@gmail.com [mailto:oxygenet32@gmail.com] On=20
> Behalf Of Chris Payne
> Sent: Monday, July 20, 2009 12:58 PM
> To: php-general@lists.php.net
> Subject: Re: [PHP] pre-screening pages before served?
>=20
> On Mon, Jul 20, 2009 at 12:30 PM, Per Jessen wrote:
> > Chris Payne wrote:
> >
> >> Hi everyone,
> >>
> >> Is it possible to have the system pre-screen a page before=20
> it is sent
> >> to a user? =A0What I mean is, if someone requests index.php=20
> could I have
> >> a script scan the file before I serves it?
> >
> > Yes, apache has an output filter that can be set up as the=20
> last stage
> > just before serving a page.
> >
> >
> > /Per
> >
> > --
> > Per Jessen, Zürich (19.8°C)
>=20
> Thank you, i'll look into that this evening as it would solve some
> problems i've had. I want my system to check local copies of a page
> against a cache I have of the same page and if they are different it
> won't serve the page and will automatically send me a copy of the page
> via email and restore it to what it should be. A way of protecting
> against attacks. Just 1 stage but I want to be pro-active and always
> be ontop of things.

Really? This is an actual problem for you? It sounds too me that you =
have a
malicious user on your server and if so, fire them. If you suspect =
you've
been hacked from externally, then I would format and re-install -- or =
use a
backup from a known good date. I've been coding PHP since 1996, and have
NEVER heard of a man-in-the-middle attack like this. It just sounds like =
you
have other problems and this isn't a solution, it's a band-aid.

http://daevid.com


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: pre-screening pages before served?

On Mon, Jul 20, 2009 at 4:25 PM, Daevid Vincent wrote:
>
>
>> -----Original Message-----
>> From: oxygenet32@gmail.com [mailto:oxygenet32@gmail.com] On
>> Behalf Of Chris Payne
>> Sent: Monday, July 20, 2009 12:58 PM
>> To: php-general@lists.php.net
>> Subject: Re: [PHP] pre-screening pages before served?
>>
>> On Mon, Jul 20, 2009 at 12:30 PM, Per Jessen wrote:
>> > Chris Payne wrote:
>> >
>> >> Hi everyone,
>> >>
>> >> Is it possible to have the system pre-screen a page before
>> it is sent
>> >> to a user? =A0What I mean is, if someone requests index.php
>> could I have
>> >> a script scan the file before I serves it?
>> >
>> > Yes, apache has an output filter that can be set up as the
>> last stage
>> > just before serving a page.
>> >
>> >
>> > /Per
>> >
>> > --
>> > Per Jessen, Zürich (19.8°C)
>>
>> Thank you, i'll look into that this evening as it would solve some
>> problems i've had. =A0I want my system to check local copies of a page
>> against a cache I have of the same page and if they are different it
>> won't serve the page and will automatically send me a copy of the page
>> via email and restore it to what it should be. =A0A way of protecting
>> against attacks. =A0Just 1 stage but I want to be pro-active and always
>> be ontop of things.
>
> Really? This is an actual problem for you? It sounds too me that you have=
a
> malicious user on your server and if so, fire them. If you suspect you've
> been hacked from externally, then I would format and re-install -- or use=
a
> backup from a known good date. I've been coding PHP since 1996, and have
> NEVER heard of a man-in-the-middle attack like this. It just sounds like =
you
> have other problems and this isn't a solution, it's a band-aid.
>
> http://daevid.com
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Sounds like XSS to me. Likely a better validation and sanitation
routine would help to clear the issue
--=20

Bastien

Cat, the other other white meat

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: pre-screening pages before served?

> Really? This is an actual problem for you? It sounds too me that you have a
> malicious user on your server and if so, fire them. If you suspect you've
> been hacked from externally, then I would format and re-install -- or use a
> backup from a known good date. I've been coding PHP since 1996, and have
> NEVER heard of a man-in-the-middle attack like this. It just sounds like you
> have other problems and this isn't a solution, it's a band-aid.

Hi There,

There were MANY servers this past month had the same attack. At the
end of every index page on the website some malicious PHP code was
added linking to an iframe etc ..... first thing i did (Of course) was
change all FTP and user account passwords on my server and LUCKILY it
hasn't happened since even though friends of mine have had it happen a
couple of times on their servers since.

I just want to have an extra layer of protection in place and i'm also
going to go through every single script I have written and lock them
down tightly as I don't know if they did this with FTP or some other
way to be honest.

Chris

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: pre-screening pages before served?

On Mon, Jul 20, 2009 at 4:47 PM, Chris Payne w=
rote:
>> Really? This is an actual problem for you? It sounds too me that you hav=
e a
>> malicious user on your server and if so, fire them. If you suspect you'v=
e
>> been hacked from externally, then I would format and re-install -- or us=
e a
>> backup from a known good date. I've been coding PHP since 1996, and have
>> NEVER heard of a man-in-the-middle attack like this. It just sounds like=
you
>> have other problems and this isn't a solution, it's a band-aid.
>
> Hi There,
>
> There were MANY servers this past month had the same attack. =A0At the
> end of every index page on the website some malicious PHP code was
> added linking to an iframe etc ..... first thing i did (Of course) was
> change all FTP and user account passwords on my server and LUCKILY it
> hasn't happened since even though friends of mine have had it happen a
> couple of times on their servers since.
>
> I just want to have an extra layer of protection in place and i'm also
> going to go through every single script I have written and lock them
> down tightly as I don't know if they did this with FTP or some other
> way to be honest.
>
> Chris
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

This could be the result of hole in the security somewhere of some
package on the server. Worth checking into.

--=20

Bastien

Cat, the other other white meat

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php