Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I want to try a php based software. It is encrypted and I am scared, it might send out important information to the software vendor site(s)
Since the code is encrypted so i cannot check the code to verify this. I wanted to install some tool or use any command which can show me if the software sends / calls any third party site anywhere in the software.
You could load it in a Virtual machine or isolated physical machine with Netfilter blocking traffic plus 0) "-j LOG" rules or 1) a packet sniffer like tcpdump or 2) the network disabled (hoping it will complain) or 4) preloading some proxy like Dante or route all traffic through a proxy. Since this could be a commercial product (which one, details?) in-depth debugging might be a valid option but against the license.
Thank you guys for your replies. I do not want to debug / steal any code from the software. The software company is not scared of that either. I have written my own software which is far better than this one. The only thing is that one of our client wants it to be installed on his VPS (whm/cpanel) to track his PPC sales. The problem is that most of the people think this software steals keywords lists and CTR information from customers and load it to the company site for their use. So I am not after stealing any code from the software but to avoid any possible theft of important information from my client.
Anyway, I have decided to install it on a internet-less machine and check all features, if it does communicate with company site, it will break on those part of the software.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.