Suspicious Files: How to Detect Suspicious Files on Your PHP Website
Knowing how to identify and deal with these files is an important step in protecting your PHP website.
Here we show you how to spot them, remove them, and stop them from coming back.
Website: https://www.faulink.com
WhatsApp: https://wa.me/255693118509
Signs of Suspicious Files
New files that are not yours in uploads/, includes/, or tmp/.
Files with long or meaningless names such as:
wp-temp.php, config_abc123.php, zxcvbn.php
Small files containing long base64 strings or eval() calls.
Files whose modification date differs from the rest of the site.
Files that look like images but are actually PHP scripts (image.jpg.php).
1. Using Linux Commands to Find Dangerous Files
Find files created or modified within the last 3 days (-mtime looks at the modification time, so a freshly edited file shows up too):
find /var/www/html -type f -mtime -3 -ls
Find PHP files in the uploads folder:
find /var/www/html/uploads -type f -name "*.php"
The uploads folder normally should not contain any .php files at all.
Find files containing dangerous code such as eval, base64_decode, gzinflate (the pattern below now includes gzinflate as well):
grep -R --include="*.php" -nE "base64_decode|eval\(|system\(|shell_exec|gzinflate" /var/www/html/
2. Using PHP Code to Find Dangerous Files
You can write a small script that scans every file and reports the suspicious ones.
Save it as scan_suspicious.php and run it from the browser or the terminal.
<?php
// Scans $dir recursively for .php files that contain any of the listed
// function names and reports each match. Works from the browser and the CLI.
function scanSuspicious($dir) {
    $dangerous = ['base64_decode', 'eval(', 'system(', 'shell_exec', 'gzinflate'];
    // SKIP_DOTS leaves out the "." and ".." entries of every directory.
    $rii = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS)
    );
    // Line breaks: a newline on the terminal, <br> in a browser.
    $eol = (PHP_SAPI === 'cli') ? PHP_EOL : '<br>';
    foreach ($rii as $file) {
        if (!$file->isFile() || strtolower($file->getExtension()) !== 'php') {
            continue;
        }
        // Skip the scanner itself, otherwise its own keyword list is reported.
        if ($file->getPathname() === __FILE__) {
            continue;
        }
        $content = file_get_contents($file->getPathname());
        foreach ($dangerous as $word) {
            if (stripos($content, $word) !== false) {
                echo "WARNING: looks dangerous: {$word} in file " . $file->getPathname() . $eol;
            }
        }
    }
}
scanSuspicious(__DIR__);
?>
This script lists every file containing any of the dangerous keywords. Expect some false positives: legitimate code also calls these functions, so review each hit before deleting anything.
3. Check File Permissions
Files with permission 777 can be read, written, and executed by everyone on the system.
Use this command to find files in that state:
find /var/www/html -type f -perm 0777 -ls
To fix them (note that chmod on *.php only covers the top-level directory; apply the same to the subdirectories):
chmod 644 /var/www/html/*.php
chmod 755 /var/www/html
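The find and grep checks from sections 1 and 3 can be combined into one script that is easy to run by hand or from cron (the daily automated scan recommended in step 7). The script below is an added example written for this page, not code from the original post. It builds a small constructed sample web root so it runs offline; every path under WEBROOT, the file names, and the crontab line in the note afterwards are assumptions.

```shell
#!/bin/sh
# Added example: the find/grep checks from sections 1 and 3, wrapped in
# functions that return counts so the script can be scheduled or tested.
# When WEBROOT is not given, a throwaway directory with a constructed sample
# tree is scanned instead of a real site.

# Same dangerous-function pattern as the grep command in section 1.
PATTERN='base64_decode|eval\(|system\(|shell_exec|gzinflate'

# Constructed sample tree (assumption, not real site content): one benign PHP
# file, one benign image, and three files showing the signs listed in the post.
setup_sample_tree() {
    mkdir -p "$WEBROOT/uploads" "$WEBROOT/includes"
    printf '<?php echo "hello";\n' > "$WEBROOT/index.php"
    printf 'placeholder image bytes\n' > "$WEBROOT/uploads/photo.jpg"
    # PHP disguised as an image inside uploads/ (should never exist there).
    printf '<?php echo 1;\n' > "$WEBROOT/uploads/image.jpg.php"
    # Uses the listed functions; inert: decodes "hello" and evaluates a constant.
    printf '<?php $x = base64_decode("aGVsbG8="); eval("return 1;");\n' \
        > "$WEBROOT/includes/config_abc123.php"
    # World-writable file (permission 0777).
    printf '<?php\n' > "$WEBROOT/includes/tmp.php"
    chmod 0777 "$WEBROOT/includes/tmp.php"
}

# Files modified within the last 3 days (section 1).
count_recent_files() {
    find "$WEBROOT" -type f -mtime -3 | wc -l | tr -d ' '
}

# PHP files inside uploads/ (section 1).
count_php_in_uploads() {
    find "$WEBROOT/uploads" -type f -name '*.php' | wc -l | tr -d ' '
}

# PHP files containing one of the dangerous function names (section 1).
# find + grep -l is used instead of grep -R --include so it also works with
# BusyBox grep; the pattern is unchanged.
count_dangerous_code() {
    find "$WEBROOT" -type f -name '*.php' -exec grep -lE "$PATTERN" {} + | wc -l | tr -d ' '
}

# Files with mode exactly 0777 (section 3).
count_world_writable() {
    find "$WEBROOT" -type f -perm 0777 | wc -l | tr -d ' '
}

# Human-readable report: the same four checks with full paths and a summary.
report() {
    echo "== Files modified in the last 3 days =="
    find "$WEBROOT" -type f -mtime -3 -ls
    echo "== PHP files in uploads/ =="
    find "$WEBROOT/uploads" -type f -name '*.php'
    echo "== PHP files matching $PATTERN =="
    find "$WEBROOT" -type f -name '*.php' -exec grep -nE "$PATTERN" {} + || true
    echo "== World-writable (0777) files =="
    find "$WEBROOT" -type f -perm 0777 -ls
    echo "Summary: recent=$(count_recent_files) php_in_uploads=$(count_php_in_uploads)" \
         "dangerous=$(count_dangerous_code) world_writable=$(count_world_writable)"
}

# Scan a real site with WEBROOT=/var/www/html; otherwise build the sample tree.
if [ -z "${WEBROOT:-}" ]; then
    WEBROOT=$(mktemp -d)
    setup_sample_tree
fi
report
```

To scan a live site run `WEBROOT=/var/www/html sh scan_suspicious.sh`; the sample tree is only created when WEBROOT is not set, so the script never writes into a real web root. For the daily scan of step 7, a crontab entry such as `0 3 * * * WEBROOT=/var/www/html sh /usr/local/bin/scan_suspicious.sh` (path is an assumption) runs it every night and cron mails the report. The counts of the first check will never be zero on a site that is updated regularly; it is the other three counts that should stay at zero.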
4. Prevent Dangerous Files from Being Executed
Use a .htaccess file inside uploads/ to stop scripts from running (this is the Apache 2.2 Order/Deny syntax; on Apache 2.4 without mod_access_compat, use `Require all denied` inside the FilesMatch block instead):
<FilesMatch "\.(php|php5|phtml)$">
Order Deny,Allow
Deny from all
</FilesMatch>
This stops attackers from placing and running PHP files inside the uploads folder. It only takes effect if the server's AllowOverride setting honours .htaccess files, so verify it by requesting a harmless test .php file in uploads/ and confirming you get a 403.
5. Use Security Tools
ClamAV (Linux antivirus)
sudo apt install clamav
sudo freshclam
sudo clamscan -r /var/www/html/
Linux Malware Detect (maldet)
sudo apt install maldet
sudo maldet -a /var/www/html/
(maldet is not in the standard Debian/Ubuntu repositories; if apt cannot find it, install it from the project's own release tarball.)
Website Security Scanner (online):
Visit https://www.faulink.com
for tools that analyse the security of your website.
6. Examples of Dangerous Files
<?php @eval(base64_decode("aWYoIWVtcHR5KCRfUE9TVFsnYyddKSl7...")); ?>
This is a type of backdoor that can give an attacker access to your server. The base64 hides the real code from a casual look, and the @ suppresses any error output; decode such a blob with base64 -d to see what it does, but never execute it.
7. After Finding a Dangerous File
Back up the whole site before changing anything.
Delete all the suspicious files.
Change the database, cPanel, and admin panel passwords.
Check whether new files keep reappearing (a sign the entry point is still open).
Set up automated daily scanning.
8. Ways to Prevent It
Apply strict validation to uploads (allow only .jpg, .png, .pdf, and check the file content, not just the extension).
Use disable_functions in php.ini:
disable_functions = exec,passthru,shell_exec,system
Update your CMS, PHP, and plugins regularly.
Take regular backups.
Put a Web Application Firewall (WAF) in front of the site.
Conclusion
Knowing how to detect dangerous files is one of the most important shields in website cybersecurity.
Don't wait for your website to be compromised; take action today!
More Resources
Watch the website protection video here:
YouTube: Website Security Basics
Visit: https://www.faulink.com
Contact on WhatsApp: https://wa.me/255693118509