PHP security

In this series of articles and videos, I will explore some PHP malware code that has been publicly published. All the samples discussed are derived from a GitHub repository maintained by marcocesarato. The advice from Syspect CyberSecurity Consulting is to always maintain solid web-server security through hardened configuration and monitoring, and through vulnerability scanning of both internal and external surfaces with a tool such as CISOfy’s Lynis or Greenbone’s GVM. For an example of solid LAMP stack server security, you can visit Syspect’s VPS Deploy WordPress GitHub repository, which is a tool for automatically deploying a WordPress website on a hardened Linux VPS server. If you don’t want to secure your own WordPress installation, you can hire a trained security consultant such as Syspect CyberSecurity Consulting, or you can use another third-party managed hosting provider. PHP is a scripting language, which means its source code is usually in human…
