Scanning for vulnerable scripts

How to detect PHP/CGI/etc that may be vulnerable to spammer abuse

CritterNYC

2:06 am on Feb 17, 2006 (gmt 0)

10+ Year Member



My current webhost has been having quite a few issues lately with other customers on shared servers installing vulnerable scripts and then spammers and script kiddies taking advantage of those vulnerable scripts. This has resulted in numerous spam blacklist listings in the past few weeks (everything from SpamCop to Comcast to the US Army).

I was wondering if any other webmasters out there were aware of any solid tools to scan for the most commonly vulnerable scripts. Preferably one that can be configured to scan on a regular basis in a given IP range and email or page an alert to an admin so they can kill the script ASAP.

Any suggestions are appreciated.

physics

4:16 am on Feb 17, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I don't have a specific script recommendation but I recommend the book "Google Hacking For Penetration Testers" for much more info on this topic. The hackers are probably finding the vulnerable scripts in Google so that's a good place to start looking.
Also, some companies offer this as a service; try looking for vulnerability scanning or something like that.

caran1

3:42 pm on Feb 17, 2006 (gmt 0)

10+ Year Member



I am also facing the same problem; my error logs (on AWstats) are showing that someone is trying to access ***/sscheduler.php which returns 404 errors.
My total log size has just doubled because of the hacker, and junk mails are generated from the server. Will limiting max_clients limit the hacker? Why do people do this? For fun, or are they paid?

Lobo

3:46 pm on Feb 17, 2006 (gmt 0)

10+ Year Member



Yip! Me too ...

I am having an auto responder sent to me from my own info@

I don't see the point in an info@mydomain.com sent to email account on mydomain.com just to generate an auto response? At present I get about 5 per day ...

Gene_B

6:09 pm on Feb 17, 2006 (gmt 0)

10+ Year Member



They are just probing for addresses. I get a lot of garbage

From: ME @ Mywebsite.com

To: ME @ Mywebsite.com

info @ seems to be the most common, sales @ is next.