Does ConfigServer have an upload scanner, or a method to catch hacker files?
Posted: 11 May 2009, 08:23
I just spotted an upload scanner on a competitors site that looks very nifty, but it is very expensive at least for us.
The scanner will monitor files that are uploaded via FTP or php scripts, and will block and alert if for example someone tries to upload one of those r57shell scripts.
There are some very neat elements within CSF that, for example looks for executable files in the /tmp directory, there's even aspects that will alert of there are scripts that send email in each and every account on the server. SO, my question is, is there a similar service in CSF that will spot c99, r57shell, and other common hacker script uploads?
I know how to use "find" and "locate" at the shell to hunt for file names, but I am not sure how to use shell commands to look for command lines within files that may indicate the file is used as a hacker script. Seems like an upload scanner to do this on the fly would be ideal, but at least we could certainly use some sort of post upload scanner to look for typical hacker files.
Any ideas in this regard?
Thanks.
The scanner will monitor files that are uploaded via FTP or php scripts, and will block and alert if for example someone tries to upload one of those r57shell scripts.
There are some very neat elements within CSF that, for example looks for executable files in the /tmp directory, there's even aspects that will alert of there are scripts that send email in each and every account on the server. SO, my question is, is there a similar service in CSF that will spot c99, r57shell, and other common hacker script uploads?
I know how to use "find" and "locate" at the shell to hunt for file names, but I am not sure how to use shell commands to look for command lines within files that may indicate the file is used as a hacker script. Seems like an upload scanner to do this on the fly would be ideal, but at least we could certainly use some sort of post upload scanner to look for typical hacker files.
Any ideas in this regard?
Thanks.