PHP Stealth Move – Open Source PHP Webpage Security

PHP Stealth Move

An open source unique security method to keep your web content off the grid.
Read the information below, and the code is available at the bottom, below the github repo link.

WARNING: OFF TOPIC! This is NOT a Networking related function, just a side bar project I tinkered with for a few hours to brush up the PHP skills.

Project Introduction:

My thoughts for this script came after reading about a script another user wrote as open source to constantly check to see if Google had indexed it, and if so, commit suicide by deleting itself completely. I really enjoyed that unique approach to staying off the grid, and started thinking of a way to keep a webpage intact, but to hide it. Thus, the Stealth Move was born.

Functional Overview:

Modes:
The script has a few methods to activate.

[checklist]

  • IP Whitelist – makes the script react based on if the user’s IP address matches an array of allowed IP’s.
  • User Agent – makes the script react if the visitors browser matches a given list of user agents. This particular mode is currently setup to react against search spiders, and has some of the main ones included in the script like Google, Bing, Yahoo, etc. With this enabled, you should be able to stay off the index grid from the big name search engines.
  •  No Security – makes the script go silent and not react.

[/checklist]

 

Reaction: 
[checklist]

  • When the script activates, it begins a few step process to hide itself. Initially, it displays a fake Object Not Found page like you typically would find on a web server if you access something that doesn’t exist. This should be enough to thwart search engines from an initial spider of that location.
  • Simultaneously, the script then executes two other functions. First, it renames the directory that the webpage is currently residing in to a randomly generated string of letters and numbers, effectively hiding itself from everyone to include the authorized users of the page. In order to find it’s new hiding place without an ftp client, the script emails a defined address or array of addresses of it’s new hiding location.
  • If implemented, you could modify this to email all actively registered users of the page. Integration into a user database/session ability would need to take place.

[/checklist]

 

Implementation:

I did not go too deep into making a useful webpage to load if the script doesn’t move itself, as I figured it could be modularly placed onto a page that already has a discussion ability or private project tracker for access only by team members. Furthermore, you will want to ensure the directory one level up from where the script is located has an index file or else the directory names it randomly moves to could still be visible. Lastly, you may run into permission issues with regards to the script performing a rename. Ensure the proper permissions are configured on your web server.

If you’d like to custom roll this into your own application, feel free. If you’d like to donate beer money, feel free. This script is not licensed and can be modified as fit. I would appreciate a tweet about the project, or share this however possible, but you are not obligated to, as I just enjoy building things.

Github Repo: https://github.com/BlameTheNetwork/StealthMovePHP
Feel free to fork the project, and pull any updates you feel would benefit. I’ll review when I get notified.

Care to Donate to future Open Source Projects like this? http://blamethenetwork.com/project-donations

Code:

<?PHP
/////////////////////////////////
// BlameTheNetwork.com //
// PHP Stealth Move //
/////////////////////////////////

// Defining Variables
$current = getcwd();

#To email multiple users, comment out the line below and uncomment the $adminemail array line.
$adminemail = "notification@emailaddress.com";
//$adminemail = "some@email.com,some@other.com,yet@another.net";

#Set mode below (1 = IP Whitelist, 2 = Block Search Engines, 3 = No Security/Open Page)
$mode = "1";

// Functions for call
function Random($length = 10) {
 $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
 $Length = strlen($characters);
 $String = '';
 for ($i = 0; $i < $length; $i++) {
 $String .= $characters[rand(0, $Length - 1)];
 }
 return $String;
}

// Checking who's looking based on selected mode
if ($mode == "1")
{
 $ipaddress = $_SERVER["REMOTE_ADDR"];
 $ipwhitelist = array("1.2.3.4", "127.0.0.1");
 if (!in_array($ipaddress, $ipwhitelist)) { $move = true; } else { $move = false; }
} 
elseif($mode == "2") 
{
 $useragent = strstr(strtolower($_SERVER['HTTP_USER_AGENT']));
 $agentblacklist = array("googlebot", "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)", "YahooSeeker/1.2 (compatible; Mozilla 4.0; MSIE 5.5; yahooseeker at yahoo-inc dot com ; http://help.yahoo.com/help/us/shop/merchant/)", "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)", "Mozilla/5.0 (compatible; bingbot/2.0 +http://www.bing.com/bingbot.htm)");
 if (in_array($useragent, $agentblacklist)) { $move = true; } else { $move = false; }
} 
else 
{
 $move = false;
}

///////////////////////////


//For DEMO use, uncomment the following 2 lines and comment out the if($move == true) line.
// $testmove = $_GET['move'];
// if($testmove == "1") {
 if($move == true)
 {
 //Display fake Apache error
 echo '
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
 <title>Object not found!</title>
 <link rev="made" href="mailto:postmaster@localhost" />
 <style type="text/css"><!--/*--><![CDATA[/*><!--*/ 
 body { color: #000000; background-color: #FFFFFF; }
 a:link { color: #0000CC; }
 p, address {margin-left: 3em;}
 span {font-size: smaller;}
 /*]]>*/--></style>
 </head>
 
 <body>
 <h1>Object not found!</h1>
 <p>
 
 
 The requested URL was not found on this server.
 
 
 
 If you entered the URL manually please check your
 spelling and try again.
 
 
 
 </p>
 <p>
 If you think this is a server error, please contact
 the <a href="mailto:postmaster@localhost">webmaster</a>.
 
 </p>
 
 <h2>Error 404</h2>
 <address>
 <a href="/">localhost</a><br />
 <span>Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.15</span>
 </address>
 </body>
 </html>
 ';
$new = Random();
//Move the webpage
rename(realpath(dirname(__FILE__)),realpath(dirname(__FILE). '/..').'/'.$new) or die();
//Email Notification of new location
$subject = 'Stealth Move Activated';
$message = 'New Site Location: '.$new.'/index.php';
$headers = 'From: noreply@sitemoved.com' . "\r\n" .
 'Reply-To: noreply@sitemoved.com' . "\r\n" .
 'X-Mailer: PHP/' . phpversion();

mail($adminemail, $subject, $message, $headers);
} 
else 
{
 echo "Website Contents Here.";
}
?>

Google+ Linkedin

Leave a Reply

Your email address will not be published. Required fields are marked *

*
*
*