Reading Internet

I'm sometimes checking out the ticket support system of a friend of mine. Today, I read a message he sent out to a customer, that this guy's account would be temporarely closed because of a big security breach in his Joomla! install. Not only has it been massively infected with Worm data, but also has been used to send tons of spam mail.

So up comes the idea: Why not buillt a mere scan tool which would be started frequently (using cron/anacron) to scan a single server system for possible security holes of apps written in PHP, Perl and similar programming languages.

For starters, this tool should just scan bigger. commonly used OSS projects like Joomla, WordPress, osCommerce, phpBB, phpNuke, etc.

Probably there's something like this already out there - but if not so, who wants to get a head start with this? And if so, where could I possibly find such tools?

Thanks for listening to my brawlings,
cu, w0lf.

Fuck off the 30 seconds posting limit!

This post was edited by ginsterbusch on Aug 03, 2007.

My FreeBSD server sends me a daily security status mail including the output of portaudit (English thinggie here). It doesn't get much easier than that :-)

"God is dead." - Nietzsche, 1882 "Nietzsche is dead." - God, 1900

This post was edited by null on Aug 03, 2007.