Edit report at https://bugs.php.net/bug.php?id=64437&edit=1
ID: 64437 User updated by: spamik at yum dot pl Reported by: spamik at yum dot pl Summary: [feature request] log of php writes to local files Status: Open Type: Feature/Change Request Package: Filesystem function related PHP Version: 5.4.13 Block user comment: N Private report: N New Comment: Only writes to files with selected extensions (by php.ini, like php|htm|html|js) should be logged. Previous Comments: ------------------------------------------------------------------------ [2013-03-15 23:27:01] spamik at yum dot pl Just to clarify that log would actualy be later on used by user land aplications that would scan those files that were writen to. In light of what is happening with php aplications, mass hacks, botnets, people are moving to other languages that are more obscure just for their obscurity. PHP really need to counteract and provide functionality like one I propose. ------------------------------------------------------------------------ [2013-03-15 23:21:02] spamik at yum dot pl Description: ------------ As you probably know there are a lot of security bugs in current world php aplications. Using these bugs attacker executes his own code that writes to a new .php files (usualy) or modyfy existing one - putting there his malicious "botnet zombie" code. It is really hard to quick and efectivly detect changes on filesystem/kernel level, especialy if where are talking about monitoring milions of directories (as in popular shared hosting). I propose making php file write log (to a file defined in php.ini). Operations that write to local files should be logged there (file_put_contents() and all fopen() except 'r' and 'r+' mode) Log should contain: unix_timestamp<SEPARATOR>absolute path of file that used write function<SEPARATOR>absolute file of modified file <SEPARATOR> could be '\0' as it can't be in filename anyway. Other solution would be to escape paths as those can contain spaces etc. most of this code should probably go to ext/standard/file.c I've made very very crude implementation of this for myself but that is really bad code because I lack c skills. It actualy seg faults in some cases. So I wont even share it, no point. ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=64437&edit=1