petskratt/dumb-sec.php

## dumb-sec.php
<?php
/**
 * A really dumb tool for ad-hoc PHP request logging - mostly useful to find malicious POST / cookie / etc payloads
 *
 * prepend with php.ini or .user.ini to cover all requests:
 *        auto_prepend_file = /[full-path-to-location]/dumb_sec.php
 *
 * @author  : Peeter Marvet (peeter@zone.ee)
 * @version 0.3
 * @license https://www.gnu.org/licenses/gpl-3.0.html GPL
 *
 * v0.3 / 20.08.2019
 * - include agent (if present)
 * v0.2 / 04.02.2018
 * - avoid logging pwds and wordpress auth cookies
 * - destroy used variables (for OCD, mostly)
 * v0.1 / 17.12.2017
 * - initial version
 */

if ( ! empty( $_POST ) ) {

	// request parameters that could contain password, must match exactly
	$neuter_params = [ 'pwd', 'password', 'pass1', 'pass1-text', 'pass2' ];

	// optionally: remove 'false &&' to allow storage of passwords for non-local IPs
	if ( false && ! empty( $_ENV['MM_COUNTRY_CODE'] ) && $_ENV['MM_COUNTRY_CODE'] !== 'EE' ) {
		$neuter_params = [];
	}

	// request cookies that could be mis-used, must begin with
	$neuter_cookies = [ 'wordpress_' ];

	$request_safe = $_REQUEST;

	// mask sensitive parts

	foreach ( $neuter_params as $param ) {
		if ( ! empty( $request_safe[ $param ] ) ) {
			$request_safe[ $param ] = str_repeat( '*', mb_strlen( $request_safe[ $param ] ) );
		}
	}

	foreach ( $request_safe as $key => $value ) {
		foreach ( $neuter_cookies as $cookie ) {
			if ( strpos( $key, $cookie ) === 0 ) {
				$request_safe[ $key ] = '**hidden**';
			}
		}
	}

	$log = [
		date( 'c' ),
		$_SERVER['REMOTE_ADDR'],
		$_SERVER['REQUEST_URI'],
		json_encode( $request_safe ),
	];

	file_put_contents( dirname( __FILE__ ) . '/dumb_sec.log', implode( " ", $log ) . PHP_EOL, FILE_APPEND );

	// if present - sends data to Mallory

	include 'dumb_agent.php';

	// destroy used variables (free some memory + avoid problems if used in app without proper initialisation)

	unset ( $request_safe, $log, $neuter_params, $neuter_cookies, $key, $value, $param, $cookie );

}
	<?php
	/**
	* A really dumb tool for ad-hoc PHP request logging - mostly useful to find malicious POST / cookie / etc payloads
	*
	* prepend with php.ini or .user.ini to cover all requests:
	* auto_prepend_file = /[full-path-to-location]/dumb_sec.php
	*
	* @author : Peeter Marvet (peeter@zone.ee)
	* @version 0.3
	* @license https://www.gnu.org/licenses/gpl-3.0.html GPL
	*
	* v0.3 / 20.08.2019
	* - include agent (if present)
	* v0.2 / 04.02.2018
	* - avoid logging pwds and wordpress auth cookies
	* - destroy used variables (for OCD, mostly)
	* v0.1 / 17.12.2017
	* - initial version
	*/

	if ( ! empty( $_POST ) ) {

	// request parameters that could contain password, must match exactly
	$neuter_params = [ 'pwd', 'password', 'pass1', 'pass1-text', 'pass2' ];

	// optionally: remove 'false &&' to allow storage of passwords for non-local IPs
	if ( false && ! empty( $_ENV['MM_COUNTRY_CODE'] ) && $_ENV['MM_COUNTRY_CODE'] !== 'EE' ) {
	$neuter_params = [];
	}

	// request cookies that could be mis-used, must begin with
	$neuter_cookies = [ 'wordpress_' ];

	$request_safe = $_REQUEST;

	// mask sensitive parts

	foreach ( $neuter_params as $param ) {
	if ( ! empty( $request_safe[ $param ] ) ) {
	$request_safe[ $param ] = str_repeat( '*', mb_strlen( $request_safe[ $param ] ) );
	}
	}

	foreach ( $request_safe as $key => $value ) {
	foreach ( $neuter_cookies as $cookie ) {
	if ( strpos( $key, $cookie ) === 0 ) {
	$request_safe[ $key ] = 'hidden';
	}
	}
	}

	$log = [
	date( 'c' ),
	$_SERVER['REMOTE_ADDR'],
	$_SERVER['REQUEST_URI'],
	json_encode( $request_safe ),
	];

	file_put_contents( dirname( __FILE__ ) . '/dumb_sec.log', implode( " ", $log ) . PHP_EOL, FILE_APPEND );

	// if present - sends data to Mallory

	include 'dumb_agent.php';

	// destroy used variables (free some memory + avoid problems if used in app without proper initialisation)

	unset ( $request_safe, $log, $neuter_params, $neuter_cookies, $key, $value, $param, $cookie );

	}