phpGSB – PHP Google Safe Browsing

For the past couple of weeks I’ve been working on a PHP system that uses the Google Safe Browsing API to download blacklists and perform lookups on them with the goal of limiting the destructiveness of phishing and malware websites. Its still in a very early development phase (alpha) and there is still a lot left to be done but… it works! I’ve started a Google Code project for this at: http://code.google.com/p/phpgsb/ Any contributions or testers would be greatly appreciated!

phpGSB Main Version – 0.1 (ALPHA)

phpGSB is a PHP implementation using the Google Safe Browsing API. At current it does allow the following:

  • Updating of GSB lists to a MySQL database
  • Basic checking of URL’s against lists and then full-hash checks against the full GSB database
  • Caching of full-hash keys to minimise requests to the Google server

At current it does not allow the following:

  • Requests using MAC keys (integrity checks)

The main class is definitely not as efficient as it could be and has developed very quickly to meet the basic GSB specification; any contributions, bug fixes etc are very welcome!

If you have any problems please post in the Issues section, give as much information as you can, the more information given, the easier it is to find any problems you may be having.

Modified Post 14/08/10 (Now caches full-hashes)

19 thoughts on “phpGSB – PHP Google Safe Browsing”

  1. Thats odd, a 204 means that theres no match in the database for the URL which is fine but it should pick this up and handle it without a problem. Could you do this for me please:

    Find: $this->fatalerror(“ERROR: Invalid response returned from GSB ({$result[0][‘http_code’]})”);

    Replace: var_dump($result[0][‘http_code’]);
    $this->fatalerror(“ERROR: Invalid response returned from GSB ({$result[0][‘http_code’]})”);

    And let me know what it returns before the error message?

  2. hello, thank you for response πŸ™‚ i tried. but the problem is, the script only makes a download every 1800seconds? and the example google malware page dont get a positive response?

    best regards

  3. Well Google sets the rule that you can only download every 1800 seconds (I guess its so their server doesn’t get overloaded). So did you set the updater on a cron to go every minute? (it has to go every minute incase it encounters any errors previously etc.)
    And what exact URL are you testing with it?

  4. Hi Nicolas,
    Okay so its definately returning a 204 response header, can you now try:
    Find: $this->fatalerror(β€œERROR: Invalid response returned from GSB ({$result[0][‘http_code’]})”);

    Replace: var_dump($result[1]);
    $this->fatalerror(β€œERROR: Invalid response returned from GSB ({$result[0][‘http_code’]})”);

    The reason why its throwing the error is because $result[1] isn’t empty, when it should be with a 204 response. So if you could let me know what it outputs with the above code that’d be great. (So we can see what $result[1] contains.)

  5. Okay, finally..
    Find:
    elseif($result[0][‘http_code’]==204&&empty($result[1]))

    Replace:
    elseif($result[0][‘http_code’]==204&&strlen($result[1])<=0) This should fix the problem, the response from GSB isn't returning any data which is fine with a 204 response. Not sure why its returning bool(true) but I'll add this as an issue to look into.

  6. Replacing the line by

    elseif($result[0][‘http_code’]==204&&strlen($result[1])<=0)

    didn't work.

    So I rather replaced the line by

    elseif($result[0]['http_code']==204&&$result[1])

    and it works fine πŸ™‚

  7. What you replaced it with isn’t really correct as now it is saying:
    If the http code is 204 but there was content then return everything okay.
    Where as it should be saying:
    If the http code is 204 and and there wasn’t body then return everything okay.

    It may work in your implementation for now; however I’ll have to do some further testing to get this correctly fixed. I’ll update you soon when I get a full update done πŸ™‚

  8. FWIW, your URL checker posted in comment #4 is not working. After every submit it just returns “GOT THIS FAR”.

    I also posted on the Google Code issue queue as the v1.2 software seems to return FALSE (not malicious) for each URL.

  9. Sorry, was doing some debugging on it the other night and left some code in there, should be working now.
    I’ve replied to your issue on google code.

  10. Hi,

    I get this error when I try to execute listupdater.php

    phpGSB Loaded…
    Connected successfully to database server…
    Connected to database successfully…

    Warning: file_get_contents(nextcheck.dat) [function.file-get-contents]: failed to open stream: No such file or directory in C:\Users\acer\Desktop\xampp\htdocs\New Folder\phpgsb.class.php on line 175
    Allowed to request…
    Using googpub-phish-shavar; goog-malware-shavar; …
    Begin MySQL Transaction…

    Fatal error: Call to undefined function curl_init() in C:\Users\acer\Desktop\xampp\htdocs\New Folder\phpgsb.class.php on line 188

    Any idea? Thanks in advance. πŸ™‚

  11. I am running your “lookup.php” script (have been downloading the database for about 16 hours now) and I get bool(false) for the http://www.google.com lookup but I get nothing at all returned for the http://www.gumblar.cn lookup.

    How long does it take for the database to fully populate?

    Also, even if http://www.gumblar.cn is not in the database yet, surely it should still return something? I get literally nothing returned (I even commented out the Google lookup to confirm this).

    Any ideas?

  12. I have also noticed that my database is no longer growing in size (for about the last 12 hours) how can I verify that it is fully populated or that the updater script is still working? I am receiving no errors, I have my cron job outputting to a log file and no errors reported, no mysql errors, no syslog errors but the database doesn’t get any bigger?

  13. OK the script literally started working in the last couple of minutes so I am guessing the database wasn’t fully populated yet. I still don’t understand why my database didn’t grow in size for the last 12 hours despite the updater log showing a lot of chunks grabbed?

Leave a Reply

Your email address will not be published. Required fields are marked *