Use md5_file() to detect whether the uploaded file is a known malicious file

M66 2025-05-29

In website development, file upload is a common and important feature, but it also introduces security risks. An attacker may upload malicious files and endanger the server. A commonly used countermeasure is to check the hash of the uploaded file (such as MD5) against the hashes of known malicious files.

This article shows how to use PHP's built-in md5_file() function together with a list of MD5 values of known malicious files to determine whether an uploaded file is a risk.


1. Introduction to md5_file()

md5_file() is a PHP function that calculates the MD5 hash of a specified file. Whereas md5() hashes a string, md5_file() hashes the file's content directly, which makes it suitable for checking whether two files are identical.

Usage example:

$hash = md5_file('/path/to/file.txt');
echo $hash;

The return value is the 32-character hexadecimal MD5 value of the file content.


2. Implementation ideas

  1. Maintain a list of MD5 hash values for known malicious files, stored in an array or database.

  2. After the user uploads the file, save the file to a temporary directory.

  3. Use md5_file() to calculate the hash value of the file.

  4. Determine whether the hash value is in the malicious list.

  5. If it is, reject or delete the file; otherwise, allow the upload.


3. Code example

The following example demonstrates a simple file upload handler that detects known malicious files:

<?php
// List of known malicious file MD5 hashes (example)
$malicious_md5_list = [
    'd41d8cd98f00b204e9800998ecf8427e', // Empty file (example)
    '5d41402abc4b2a76b9719d911017c592', // Another malicious file (example)
];

// Check whether a file was uploaded
if (isset($_FILES['upload_file']) && $_FILES['upload_file']['error'] === UPLOAD_ERR_OK) {
    $tmpFilePath = $_FILES['upload_file']['tmp_name'];

    // Calculate the MD5 value of the file (md5_file() returns false if it cannot be read)
    $fileMd5 = md5_file($tmpFilePath);

    if ($fileMd5 === false) {
        echo "The uploaded file could not be read.";
    // Check whether it is a known malicious file. The third argument (true) forces a
    // strict comparison, so hashes of the form "0e<digits>" are not compared as numbers.
    } elseif (in_array($fileMd5, $malicious_md5_list, true)) {
        echo "The uploaded file is detected as a known malicious file, upload failed.";
        // You can choose to delete the temporary file or write a log entry
        unlink($tmpFilePath);
    } else {
        // Move the file to the target directory.
        // The client-supplied name is untrusted: basename() only strips directory parts,
        // it does not restrict the extension (see "Things to note" below).
        $destination = __DIR__ . '/uploads/' . basename($_FILES['upload_file']['name']);
        if (move_uploaded_file($tmpFilePath, $destination)) {
            echo "File uploaded successfully.";
        } else {
            echo "File saving failed.";
        }
    }
} else {
    echo "No uploaded file was detected, or an upload error occurred.";
}
?>

4. Things to note

  • Malicious file library update: It is important to keep the malicious file hash library current; update it regularly.

  • MD5 collision risk: MD5 is known to be vulnerable to collisions, and in extreme cases an attacker may construct a file with the same hash. Consider using a safer hash function such as SHA-256 (via hash_file('sha256', $file)).

  • Multiple detection mechanisms: Don't rely solely on hash detection. Combine it with other measures such as file type verification, file extension restriction, and content scanning (for example, antivirus software).

  • Permission security: Set appropriate permissions on the upload directory so that uploaded files cannot be executed directly.
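
The notes above combined into one check, as an added example that is not part of the original article: it uses hash_file('sha256', ...) instead of MD5, an exact-match denylist lookup, an extension allowlist, and content-based type verification. The helper name check_upload(), the allowlist contents and the single denylist entry (the SHA-256 of an empty file, a constructed sample) are assumptions, and the fileinfo extension is assumed to be enabled.

```php
<?php
// Constructed sample denylist keyed by lowercase SHA-256 hex digest; the one
// entry is the SHA-256 of an empty file, used only as a stand-in.
const SHA256_DENYLIST = [
    'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855' => 'empty file (sample)',
];
// Assumed allowlist: extension => MIME type expected from content sniffing.
const ALLOWED_TYPES = ['png' => 'image/png', 'jpg' => 'image/jpeg', 'pdf' => 'application/pdf'];

// Hypothetical helper: returns [true, storedName] or [false, reason].
function check_upload(string $tmpPath, string $clientName): array
{
    $digest = hash_file('sha256', $tmpPath);
    if ($digest === false) {
        return [false, 'cannot hash file'];
    }
    // Array key lookup is an exact string match, so digests of the form
    // "0e<digits>" are never compared as numbers, unlike a loose in_array().
    if (array_key_exists($digest, SHA256_DENYLIST)) {
        return [false, 'known malicious file'];
    }
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        return [false, 'extension not allowed'];
    }
    // Derive the type from the file content, not from the client-sent header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        return [false, 'content does not match extension'];
    }
    // Store under a random name so the client never controls the path.
    return [true, bin2hex(random_bytes(16)) . '.' . $ext];
}

// Usage inside an upload handler like the one in section 3.
if (isset($_FILES['upload_file']) && $_FILES['upload_file']['error'] === UPLOAD_ERR_OK) {
    $file = $_FILES['upload_file'];
    [$ok, $info] = check_upload($file['tmp_name'], $file['name']);
    if (!$ok) {
        echo 'Upload rejected: ' . $info;
    } elseif (move_uploaded_file($file['tmp_name'], __DIR__ . '/uploads/' . $info)) {
        echo 'Stored as ' . $info;
    } else {
        echo 'File saving failed.';
    }
}
```

A hash denylist only matches byte-identical files, which is why the allowlist and content check run even when the digest is not listed.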


5. Summary

Using PHP's md5_file() function, you can quickly determine whether the content of the uploaded file matches known malicious files, helping to improve the security of uploading files. Combining a complete malicious file hash library and multiple protection measures can effectively prevent malicious files from causing harm to the server.