
Does anyone know of any good apps or actual scripts, preferably free as I have no money to drop on this, that can scan and audit a site for vulnerabilities? I have recently acquired a client that has various old sites, most built on PHP4, some built on PHP5, but the previous coder was a quick, dirty coder, from hacking 3rd party scripts apart for use on the site to just throwing up shoddy custom code with little to no security. Due to that coder's neglect, my client has a handful of sites that are suffering a **** storm of trouble from different exploits. One site someone got in and hijacked the traffic from search engines and injected a Trojan dropping script on almost all the files on the server. Another site on a different server has some kind of hijack that involves thousands of emails being sent an hour. And well, I need to figure out how to put an end to it, by tracking down the potential security flaws where known exploits will attempt to hit, and then patch them myself. The reason I am looking for a tool to help scan and audit is because each site has something well over 4,000+ files per, and I am just coming on to this project and, like I said prior, the guy before me.. messy.

 

So in short does anyone know a good security audit tool/script that I could use.. free?


Google 'php xss vulnerability scan'

XSS isn't the only thing you should be checking. You need to secure your forms using CAPTCHA to prevent bots using them and potentially sending email through them.

Also, shared servers are the worst to deal with for attacks. As they are shared, if another user of the server has an unsecure script it can lead to other users on the server suffering as files end up getting modified.

Again, it would be much appreciated if someone knows a good scanner or set of scanners, or any tools.. preferably free. All my searches are coming up empty handed, as they all yield the sites that are like fill out this form, pay this much, try the trial.. but provide your CC. It's not my site, I am not getting paid enough to go through the hassle of filling out form after form, I'm just hoping to find a couple of quick free tools to either scan the version online or scan a copy I have on my PC, either way.. Sorry if I sound rude, I'm physically tired and frustrated with this client of mine..
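Added example, not from any poster in this thread: a small Python triage script for the situation described above, run against a local copy of a site to shortlist files for manual review. The rule names, the patterns, the extension list and the `SAMPLE` input are assumptions constructed for illustration; they are heuristics, so a clean result does not mean a file is safe.

```python
import re
import sys
from pathlib import Path

# Heuristic indicators (assumptions for this example, not a complete rule set).
REQ = r"\$_(?:GET|POST|REQUEST|COOKIE)\b"
RULES = {
    # eval()/assert() fed directly by a decoder: typical of injected droppers
    "obfuscated-eval": re.compile(
        r"\b(?:eval|assert)\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    # preg_replace() with the /e modifier executes the replacement as PHP
    "preg-replace-e": re.compile(r"preg_replace\s*\(\s*(['\"])(.).*?\2[a-z]*e[a-z]*\1", re.I),
    # request data passed straight into mail(): forms abused to send email
    "request-in-mail": re.compile(r"\bmail\s*\([^;]*" + REQ, re.I),
    # request data choosing which file to include
    "request-in-include": re.compile(r"\b(?:include|require)(?:_once)?\b[^;]*" + REQ, re.I),
}

# Constructed sample file contents, used to show what gets flagged.
SAMPLE = r'''<?php
eval(base64_decode($blob));
mail($_POST['to'], $_POST['subject'], $body);
include($_GET['page'] . ".php");
echo htmlspecialchars($name);
'''

def scan_text(text):
    """Return (line_number, rule_name) hits for one file's contents."""
    return [(no, name)
            for no, line in enumerate(text.splitlines(), 1)
            for name, rx in RULES.items() if rx.search(line)]

def scan_tree(root, exts=(".php", ".php4", ".php5", ".inc", ".phtml")):
    """Walk a local copy of a site; return {path: hits} for flagged files only."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in exts:
            hits = scan_text(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    results = scan_tree(target) if target else {"<constructed sample>": scan_text(SAMPLE)}
    for path, hits in results.items():
        for no, name in hits:
            print(f"{path}:{no}: {name}")
```

Run it with the path to the downloaded copy as the only argument; with no argument it scans the constructed sample.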
