Server Security Help - GoFuckYourself.com

Tipsy · 04-15-2006, 11:06 AM

A quick question:

One of our servers has been used for spamming. We're almost certain it's via an exploit in a script such as an unsecure form etc. We're currently wading through logs to track it down (mod_security isn't stopping it) but in the meantime does anyone know of a decent scanner that will check a server for known vulerabilities like that?

Most I can find are program specific such as something that looks for unsecure phpbb's. Are there any programs that check for a broad range of possible exploits?

IceMaster · 04-15-2006, 11:16 AM

chkrootkit --> http://www.chkrootkit.org/

Tipsy · 04-15-2006, 11:20 AM

Thanks but no help. It's thankfully not rootkit related (run both the rootkit checkers) and as I say pretty certainly a script which will eventually be tracked down via the logs (I hope).

It'd be nice to have something to scan for stuff like this though. Given the amount of exploits in the 1000's of script out there you'd have thought someone would have a nice little script that looks for them

BigBen · 04-15-2006, 11:27 AM

http://www.nessus.org/

chaze · 04-15-2006, 11:31 AM

Quote:

Originally Posted by IceMaster

chkrootkit --> http://www.chkrootkit.org/

this is the industry standard right now.

Tipsy · 04-15-2006, 12:46 PM

Quote:

Originally Posted by BigBen

http://www.nessus.org/

Thanks - shame their latest release doesn't seem to support bsd 4.9 though

Only 5+.

I may give it a go anyway and just copy across any missing bsd5 binaries see if I can get it running.

04-15-2006, 11:06 AM	#1
Tipsy Confirmed User Join Date: Jul 2001 Location: See sig Posts: 6,989	Server Security Help A quick question: One of our servers has been used for spamming. We're almost certain it's via an exploit in a script such as an unsecure form etc. We're currently wading through logs to track it down (mod_security isn't stopping it) but in the meantime does anyone know of a decent scanner that will check a server for known vulerabilities like that? Most I can find are program specific such as something that looks for unsecure phpbb's. Are there any programs that check for a broad range of possible exploits? __________________ Ignorance is never bliss.

04-15-2006, 11:20 AM	#3
Tipsy Confirmed User Join Date: Jul 2001 Location: See sig Posts: 6,989	Thanks but no help. It's thankfully not rootkit related (run both the rootkit checkers) and as I say pretty certainly a script which will eventually be tracked down via the logs (I hope). It'd be nice to have something to scan for stuff like this though. Given the amount of exploits in the 1000's of script out there you'd have thought someone would have a nice little script that looks for them __________________ Ignorance is never bliss.

04-15-2006, 11:16 AM	#2
IceMaster Confirmed User Join Date: Jan 2005 Posts: 8,920	chkrootkit --> http://www.chkrootkit.org/

04-15-2006, 11:27 AM	#4
BigBen Confirmed User Join Date: Nov 2004 Location: scv Posts: 2,299	http://www.nessus.org/