Hi,
I am a PHP developer and am working for a company. I used to develop CMS for websites for it's clients but the company used to treat me like shit. I mean really really bad. I was always booed and had to do anything everything asked by my boss as i was a graduate with no prior experience.
Right from the first project onwards i wrote a file deletion function in all the client's custom CMSs. I would like to know if there is any security audit log being maintained by the company on its server? They have both windows and php servers. My boss doesn't have any prior technical knowledge. Infact i am the only one technical person with a valid computer science engineering certificate at hand. Is it possible to know if the security audit is turned on or not? If so, how can i check it out on both platforms? What sort of information will be displayed...like will it show my IP address and MAC address?? Thanks.
unikorndesigns
Octet 45
It all depends on how the systems are setup, by any access to a computer system whether via some sort of backdoor or through a legitimate means shall normally leave a log.
It shall likely record your IP, what time it was accessed, what was viewed and what (if any) modifications have been made. Besides, unless the servers have been set up in such a poor way, a PHP script won't be able to do much damage at all to the servers themselves, and any database should be backed up so in the long term you won't make a dent.
At this point, I should point out that running the file deletion function is highly illegal, and is a Level 3 computer crime which can result in a singificant fine and imprisonment.
There was a case once where a person wrote a similar sort of thing to you (not in PHP though, I think it was in C#), but it was a time based one and when the company dismissed him without due course he triggered it with the threat that if he didn't recieve compensation by X date the system would go off. The system did trigger and wiped their entire computer systems... he was placed in prison for doing so.
If you did trigger the system and it did do anything, then when the police sieze your computers there shall be all the evidence they need from your forum post, so you would instantly place yourself in the loop even if there where no logs.
Put it this way, don't do anything stupid, speak to your union if you feel that you are being unfairly treated, but if it is just a case of "I have to do everything my boss tells me to do" then that is what a job involves.
Good luck.
unikorndesigns
Hmm...thanks for the reply AHarrisGsy!! Much appreciated!
