https://wiki.itadmins.net/ 2026-05-23T10:50:18+00:00 https://wiki.itadmins.net/ https://wiki.itadmins.net/lib/exe/fetch.php?media=wiki:dokuwiki.svg text/html 2020-02-24T10:16:01+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.itadmins.net/doku.php?id=php:finding_malicious_code&rev=1582539361&do=diff Finding malicious PHP code Here I will be collecting different methods of finding malicious PHP code on a server. Grep for it Run the following command to get the list of all the files containing strings that are longer than 62 alphanumeric characters: text/html 2020-02-24T10:16:01+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.itadmins.net/doku.php?id=php:htscanner_and_php-fpm&rev=1582539361&do=diff htscanner with PHP5-fpm # apt-get install php5-dev # pecl install htscanner-1.0.0 add the following to /etc/php5/conf.d/htscanner.ini: [htscanner] extension="htscanner.so" ; The configuration file htscanner needs to scan for php_* directives htscanner.config_file=".htaccess" ; The fallback docroot when htscanner can't determine the current docroot htscanner.default_docroot="/var/customers/webs/" htscanner.default_ttl=300 ; Stop when an error occured in RINIT (no document root, cannot ge… text/html 2020-02-24T10:16:01+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.itadmins.net/doku.php?id=php:wordpress_and_php-fpm&rev=1582539361&do=diff Wordpress and PHP5-fpm Permalinks For a standard Wordpress installation you can use something like the following: .htaccess for permalinks with php-fpm # BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_URI} !^/fastcgiphp/* RewriteCond %{REQUEST_URI} !fpm\.external RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress