I'm trying to find malware that's causing a redirect on a website. Most probably it's using `header("location: ...")`, so I'm wondering: is there a way to determine which script file is calling `header()`?

Any help is appreciated.

Nasko
  • It could also be client-side redirection. If not, then search for calls to `header()`, `eval()`, anything that could let someone run malicious code. – Cyclone Jan 23 '12 at 18:55
  • Look for redirects in `.htaccess`. These are commonly exploited. Use `grep -R` to search for a string from the command line. – Marcus Adams Jan 23 '12 at 18:57
  • Already cleared the code that was run via `eval()` and such, but it keeps redirecting, so I'm trying to find the code responsible for it now. – Nasko Jan 23 '12 at 18:59

1 Answer

If you are talking about the `header()` function, you can use the `debug_backtrace` function: http://ca2.php.net/debug_backtrace. It will allow you to get the stack trace, and you could just analyse this and store it in a file or the database. Just put `debug_backtrace` in the `header()` function and log your data.

If you are talking about where on the site you are getting included from, you could simply store `$_SERVER['REQUEST_URI']` in a file or a database table, which will help you find out from which URL you are getting included.

Finally, you can also use `$_SERVER['HTTP_REFERER']`. If it was passed by the navigator, it will allow you to know which page you came from when the request was made, which can really help determine how you came to include this header incorrectly.

Good luck

Mathieu Dumoulin
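One way to collect the data the answer describes without editing every script, as an added example that is not part of the original answer: a file loaded through `auto_prepend_file` that logs each request ending in a `Location` header together with the request URI, the referer, and every PHP file included during that request. The file name `redirect_trace.php` and the log path are assumptions; it narrows the search to a set of files rather than naming the exact `header()` call.

```php
<?php
// redirect_trace.php -- added example; file name and log path are assumptions.
// Load it before every script, e.g. in .htaccess (mod_php):
//   php_value auto_prepend_file /path/to/redirect_trace.php
// or with auto_prepend_file in php.ini, then request the pages that redirect.

const REDIRECT_TRACE_LOG = '/tmp/redirect_trace.log'; // assumed path, keep it outside the web root

/**
 * Return the value of the Location header from raw header lines, or null if absent.
 */
function find_location_header(array $headers): ?string
{
    foreach ($headers as $line) {
        if (stripos($line, 'Location:') === 0) {
            return trim(substr($line, strlen('Location:')));
        }
    }
    return null;
}

// Shutdown functions still run when the script calls exit() right after header().
register_shutdown_function(function (): void {
    $target = find_location_header(headers_list());
    if ($target === null) {
        return; // this request did not set a redirect from PHP
    }

    $record = [
        'time'           => date('c'),
        'location'       => $target,
        'status'         => http_response_code(),
        'request_uri'    => $_SERVER['REQUEST_URI'] ?? '',
        'referer'        => $_SERVER['HTTP_REFERER'] ?? '',
        'entry_script'   => $_SERVER['SCRIPT_FILENAME'] ?? '',
        // Every file pulled in by include/require during this request.
        'included_files' => get_included_files(),
    ];

    // If output had already started, record the file and line where it began.
    if (headers_sent($file, $line)) {
        $record['output_started'] = $file . ':' . $line;
    }

    // Message type 3 appends the string to the given file.
    error_log(json_encode($record, JSON_UNESCAPED_SLASHES) . PHP_EOL, 3, REDIRECT_TRACE_LOG);
});
```

If a redirect happens and nothing is logged, it is not coming from PHP's `header()`, which points back to the `.htaccess` rules or client-side code mentioned in the comments.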