Detecting Malicious Javascript with PHP

Preventing bad websites from being submitted.

         

xxclixxx

8:17 pm on May 2, 2007 (gmt 0)




Hello All

I am looking for a service, script, ANYTHING, that could be used to detect malicious javascript on websites.

I'm having problems with people submitting websites on my site that contain encrypted javascripts, hidden iframes, you name it! Members of my site are increasingly getting viruses and trojans. Definitely not good.

I tried searching for it, but I'm having trouble coming up with any phrases that will get me anything good. I would love to be able to buy a script that scans a webpage, or even subscribe to a service. Any suggestions?

Tim

eelixduppy

9:13 pm on May 2, 2007 (gmt 0)



>> submitting websites on my site

So you mean they are posting links to other sites that contain various viruses, etc...?

You aren't going to be able to tell what the code is doing on the other server. You can, however, try to reduce the amount of people that are posting links like that. This can be done in many different ways. Here's a list of a few...

-Don't allow free email services such as hotmail, yahoo, etc... during registration. I'm assuming they have to login to post, right? If not, you might want to implement it.

-Make your site "pre-moderated" in which someone has to approve of the text before it is posted publicly on your site. This will reduce it altogether but leaves a few disadvantages. One, the admin or whoever has to be careful about the links he/she visits. Two, much more work for the admin. Three, if it is discussion based, it may "run" a little slower than not having that restriction for the members.

-Ban links altogether. Write a method to remove links if it finds them. Obviously members are going to come up with different obfuscating methods, but those will have to be removed by an admin.

Basically, there is no automated fool-proof way that I can think of to determine whether a link is safe or not. You either have to be very strict by having everything "pre-moderated", or have admins watching the submitted information. In either case, it requires human intervention.

As I already said, you can, however, decrease the amount of people that post those links. If you take a close look at them, they probably all share some quality in common. Ban users based on that. Also, you may want to ban hosts that constantly get abused.

I wish you luck with your problem!

FiRe

4:54 pm on May 3, 2007 (gmt 0)




An old example from the PHP manual:

<?php
// $document should contain an HTML document.
// This will remove HTML tags, javascript sections
// and white space. It will also convert some
// common HTML entities to their text equivalent.

$search = array ("'<script[^>]*?>.*?</script>'si", // Strip out javascript
"'<[\/\!]*?[^<>]*?>'si", // Strip out HTML tags
"'([\r\n])[\s]+'", // Strip out white space
"'&(quot|#34);'i", // Replace HTML entities
"'&(amp|#38);'i",
"'&(lt|#60);'i",
"'&(gt|#62);'i",
"'&(nbsp|#160);'i",
"'&(iexcl|#161);'i",
"'&(cent|#162);'i",
"'&(pound|#163);'i",
"'&(copy|#169);'i");

$replace = array ("",
"",
"\\1",
"\"",
"&",
"<",
">",
" ",
chr(161),
chr(162),
chr(163),
chr(169));

$text = preg_replace($search, $replace, $document);

// Numeric entities (&#NNN;). The original used the /e (evaluate as php)
// modifier, which was deprecated in PHP 5.5 and removed in PHP 7.0,
// so the same conversion is done with a callback instead.
$text = preg_replace_callback("'&#(\d+);'", function ($m) {
    return chr((int) $m[1]);
}, $text);
?>
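A complementary check to the stripping example above, written for this page as an added example and not part of any poster's message: it flags hidden iframes and common script-obfuscation markers in a fetched page so a moderator can review the submission. The function name, marker list and size threshold are assumptions, and the sample HTML is constructed.

```php
<?php
// Added example: heuristic triage of a submitted page's HTML for moderators.
// The marker list and thresholds are assumptions, not a complete detector.
function flag_suspicious_html(string $html): array
{
    if (trim($html) === '') {
        return [];
    }
    $findings = [];
    $dom = new DOMDocument();
    $prev = libxml_use_internal_errors(true); // real pages are rarely valid HTML
    $dom->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    // Iframes that are sized to 0/1 pixels or hidden through inline CSS.
    foreach ($dom->getElementsByTagName('iframe') as $frame) {
        $style = strtolower(preg_replace('/\s+/', '', $frame->getAttribute('style')));
        $w = $frame->getAttribute('width');
        $h = $frame->getAttribute('height');
        $tiny = ($w !== '' && (int) $w <= 1) || ($h !== '' && (int) $h <= 1);
        $hidden = strpos($style, 'display:none') !== false
               || strpos($style, 'visibility:hidden') !== false;
        if ($tiny || $hidden) {
            $findings[] = 'hidden iframe -> ' . $frame->getAttribute('src');
        }
    }

    // Script bodies that decode or evaluate strings at run time.
    $markers = [
        'eval('               => '/\beval\s*\(/i',
        'unescape('           => '/\bunescape\s*\(/i',
        'String.fromCharCode' => '/String\.fromCharCode/i',
        'long escaped string' => '/(?:%u?[0-9a-f]{2,4}|\\\\x[0-9a-f]{2}){20,}/i',
    ];
    foreach ($dom->getElementsByTagName('script') as $script) {
        foreach ($markers as $label => $pattern) {
            if (preg_match($pattern, $script->textContent)) {
                $findings[] = 'script uses ' . $label;
            }
        }
    }
    return $findings;
}

// Constructed sample input, not taken from a real site.
$document = '<html><body><p>Welcome</p>'
    . '<iframe src="http://example.invalid/x" width="0" height="0"></iframe>'
    . '<script>document.write(unescape("%3Cp%3Ehi%3C%2Fp%3E"));</script></body></html>';
echo implode("\n", flag_suspicious_html($document)), "\n";
```

A static pass like this only sees the HTML as it was fetched, and legitimate pages also use these constructs, so the findings are a queue for pre-moderation rather than a verdict.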