About PHP-Security-Audit.com

I came up with PHP-Security-Audit.com when I inherited a hacked vBulletin forum from an administrator who couldn't be bothered to update his default PHP configuration. (Very rarely will a default configuration include adequate security for a production server - the default configuration is there to show off features, not to provide a secure operating environment.)

After kicking out the intruders, removing their remote shell script, and cleaning up the damage done, I found the exploit vector in the server's access logs: they had used a nasty PHP script (via remote include) to enumerate PHP's system call functions and install their back door.

Malicious users have a full suite of clever tools to automate and engineer their attacks - administrators should, too.

For now this site will host a PHP configuration audit script which I put together, though I hope to grow a library of useful scripts and information to help administrators (and developers) stay on top of PHP security news, quickly identify configuration problems, and secure systems against the growing number of threats.

I hope that you will find this site useful and offer suggestions for improvement at every opportunity.

Best regards,

- Dan LeFree
Owner, Hadean LLC