monkeytooth Posted September 21, 2010

Does anyone know of any good apps or actual scripts, preferably free as I have no money to drop on this, that can scan and audit a site for vulnerabilities?

I have recently acquired a client that has various old sites, most built on php4, some built on php5, but the previous coder was a quick, dirty coder, from hacking 3rd party scripts apart for use on the site to just throwing up shoddy custom code with little to no security, and due to that coder's neglect my client has a handful of sites that are suffering a **** storm of trouble from different exploits. One site, someone got in and hijacked the traffic from search engines and injected a Trojan dropping script on almost all the files on the server. Another site on a different server has some kind of hijack that involves thousands of emails being sent an hour. And well, I need to figure out how to put an end to it, but tracking down the potential security flaws where known exploits will attempt to hit, and then patch them myself.

The reason I am looking for a tool to help scan and audit is because each site has something well over 4,000+ files per, and I am just coming on to this project and, like I said prior, the guy before me... messy. So in short, does anyone know a good security audit tool/script that I could use... free?
JonnoTheDev Posted September 21, 2010

Google 'php xss vulnerability scan'.

XSS isn't the only thing you should be checking. You need to secure your forms using CAPTCHA to prevent bots using them and potentially sending email through them. Also, shared servers are the worst to deal with for attacks. As they are shared, if another user of the server has an unsecure script it can lead to other users on the server suffering as files end up getting modified.
monkeytooth (Author) Posted September 21, 2010

Thank you, XSS is something I was intent on checking. CAPTCHA, good idea, didn't think about that. Do you have any other suggestions as to what I may want to look for, in terms of scanning... terms for them, I mean?
monkeytooth (Author) Posted September 21, 2010

Again, it would be much appreciated if someone knows a good scanner or set of scanners, or any tools... preferably free. All my searches are coming up empty handed, as they all yield the sites that are like: fill out this form, pay this much, try the trial... but provide your CC. It's not my site, and I am not getting paid enough to go through the hassle of filling out form after form. I'm just hoping to find a couple of quick free tools to either scan the version online or scan a copy I have on my PC, either way.

Sorry if I sound rude, I'm physically tired and frustrated with this client of mine.
JonnoTheDev Posted September 21, 2010

Have you tried the Firefox plugin? https://addons.mozilla.org/en-US/firefox/addon/7598/