Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to detect/prevent third party code dialling home?

Tags:

security

php

exploit

Context:

Third-party code is common to any open-source CMS e.g WordPress plugins and themes. I've recently encountered articles online regarding plugins/themes sending information to authors.

My concern:

  1. I cannot tell WHEN a plugin/theme is sending information to the author.
  2. I cannot tell WHAT information a plugin/theme is sending to the author (email, URL, site visit tracking, limited to full database access etc).

Whether an author is using this information maliciously or not, the lack of visibility on this matter is frustrating to me. I'd simply like to know on principle.

What I've tried:

  1. I've disabled various functions such as CURL and fopen but it's my understanding that fall-back functions might exist to achieve the same functionality.
  2. I've secured my website in a multitude of ways including modifying directory/file permissions, malware scans, black-listing, security audits, fire-walls etc.
  3. I keep an eye on script-blocker for FireFox to detect third parties.
  4. I run various code scans of plugins/themes for known malicious code and update definitions regularly.
  5. I've looked at Ghostery for FireFox however this requries the plugin/theme to be active which could be already too late should the plugin/theme be malicious.

My question:

How can I tell what plugins/themes are calling home / sending information and exactly what information is being sent?

  • Do plugins or online solutions exist to detect this?
  • Is at simple as disabling certain PHP functions?
  • If I need to manually look for code (bearing in mind that malicious code is already scanned for) what functions should I watch out for?
like image 779
Clarus Dignus Avatar asked Feb 26 '26 13:02

Clarus Dignus

1 Answers

If this were a .NET application, you could install Fiddler as a system level proxy, trust its root certificate and see all traffic that originates from the machine.

See Eric Laurence's answer to this question on how to configure it.

I'm not sure if this would also work for PHP applications. I'm not even sure if you are on a Windows box.

like image 144
MvdD Avatar answered Feb 28 '26 04:02

MvdD
Sign in to Comment

Related questions

How to pass parameters from one controller to another in CakePHP?
PHP Websites Source Code
Need to read a file, search for some data and output the data using PHP
prevent multiple login with same login credentials in php
How does one retrieve and display posts on a forum?
Using Doctrine to abstract CRUD operations
SQL Server instead of MYSQL in WAMP
How to grab a part of existing URL and use it in html code?
Laravel backup error uploading large backup to s3
Is it possible to be intentionally strict with table structure in RedBeanPHP?
How do you order a Laravel Builder by its one-to-one relationship?
Sanitize POST htmlentities or plus stripslashes and strip_tags
How to Initialize JMS Serializer in Symfony3?
Mod Rewrite Htaccess for Fake sub Directories and directory
WordPress get json data single value

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!