Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

php script that deletes itself after completion

Tags:

php

file-io

There's a problem that I'm currently investigating: after a coworker left, one night some files that he created, basicly all his work on a completed project that the boss hasn't payed him for, got deleted. From what I know all access credentials have been changed.

Is it possible to do this by setting up a file to do the deletion task and then delete the file in question? Or something similar that would change the code after the task has been done? Is this untraceable? (i'm thinking he could have cleverly disguised the request as a normal request, and i have skimmed through the code base and through the raw access logs and found nothing).

like image 307
Valentin Brasso Avatar asked Sep 17 '11 19:09

Valentin Brasso

2 Answers

It's impossible to tell whether this is what actually happened or not, but setting up a mechanism that deletes files is trivial.

This works for me:

<? // index.php
   unlink("index.php");

it would be a piece of cake to set up a script that, if given a certain GET variable for example, would delete itself and a number of other files.

Except for the server access logs, I'm not aware of a way to trace this - however, depending on your OS and file system, an undelete utility may be able to recover the files.

It has already been said in the comments how to prevent this - using centralized source control, and backups. (And of course paying your developers - although this kind of stuff can happen to anyone.)

like image 136
Pekka Avatar answered Sep 25 '22 23:09

Pekka

Is is possible to do this by setting up a file to do the deletion task and then delete the file in question?

Yes it is. He could have left an innoculous looking php file on the server which when accessed over the web later, would give him shell access. Getting this file to self delete when he is done is possible.

Create a php file with the following in it:

<?php
    if ($_GET['vanish'] == 'y') {
        echo "You wouldn't find me the next time you look!";
        @unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__));
    } else {
        echo "I can self destruct ... generally";
    }
?>

Put on your server and navigate to it. Then navigate again with a "vanish=y" argument and see what happens

like image 35
Dayo Avatar answered Sep 23 '22 23:09

Dayo
Sign in to Comment

Related questions

How to cache static content (css, images,js files) in CakePHP2?
using javascript countdown with server side time
php extracting text/plain from mail body
firefox having "#;" in the addressbar
how to convert an HTML template into Cake PHP template
Php: singleton VS full static class? When use what?
PHP date() only from 1970 - 2038
Help with PHP mail() function [duplicate]
PHP-powered GUI Applications for Windows
Advice on writing math equations into code
how to differentiate ajax call and browser request in php (or codeigniter)?
How do you insert multiple records into a table at the same time?
PHP5 database password and can it be stolen?
installing PHP APC extension on windows
google analytics serverside tracking
Implementing a "Did you mean?" feature as used on Amazon and Google
PHP MySQL Search Suggestions
How does one access the URL arguments in codeigniter if one was to follow REST architecture?
calculate product variants based on option groups and options
PHP Injection from HTTP GET data used as PHP array key value

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!