UPDATED...
Principle of operations is the same as detecting mailer scripts or change in binary files. The script would notify you when files with base64 are uploaded and needed for inspection or when symlinks are created within the /home directory. It is meant to help administrators quickly find websites that are vulnerable because of the changes that need a closer look.
If able, it would be cool if the email notice could also include the IP addresses from log entries that match the HTTP request of where the symlink was called from and execute upon them if a threshold is met, much like the feature that is tied to the bluehost patch (I used Rack911's). Here is the command to find all symlinks in the /home directory: find /home*/*/public_html -type l
V/R,
Frank
LFD Detection for Symlinks & Base64
Re: LFD Detection for Symlinks & Base64
I updated the thread to include base64 in files along with the command to find symlinks.
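The check requested in the posts above, sketched as an added example (not code from the thread, csf or cxs): it narrows the find command to symlinks whose resolved target leaves the owning account's home, and lists files that name base64_decode. The function names, the `<root>/<account>/public_html` layout and the base64_decode heuristic are assumptions of this example; the sample tree is constructed.

```shell
#!/bin/sh
# Added example: report symlinks that leave an account's home and files that
# call base64_decode. Assumed layout: <root>/<account>/public_html.
# Needs readlink -f (GNU coreutils or a recent BSD/macOS userland).

# Print one tab-separated finding per line for every account under $1.
scan_docroots() (
    for docroot in "$1"/*/public_html; do
        [ -d "$docroot" ] || continue
        home=$(cd "$docroot/.." && pwd -P)
        # Symlinks: resolve each target, report it when it is outside $home.
        find "$docroot" -type l -exec sh -c '
            home=$1; shift
            for link do
                target=$(readlink -f -- "$link") || target="(unresolvable)"
                case $target in
                    "$home"|"$home"/*) ;;
                    *) printf "SYMLINK\t%s\t%s\n" "$link" "$target" ;;
                esac
            done' sh "$home" {} +
        # Base64: heuristic chosen for this example, any file naming base64_decode.
        find "$docroot" -type f -exec sh -c '
            for file do
                if grep -q -e base64_decode -- "$file"; then
                    printf "BASE64\t%s\n" "$file"
                fi
            done' sh {} +
    done
)

# Constructed sample tree (not real data): two accounts, one cross-account
# symlink, one in-home symlink, one file that decodes base64.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/alice/public_html" "$root/alice/private" "$root/bob/public_html"
    echo 'placeholder config' > "$root/bob/public_html/config.php"
    ln -s "$root/bob/public_html/config.php" "$root/alice/public_html/cfg.txt"
    ln -s ../private "$root/alice/public_html/own"
    echo '<?php echo base64_decode("aGVsbG8=");' > "$root/alice/public_html/up.php"
    echo "$root"
}

demo_root=$(make_demo_tree)
scan_docroots "$demo_root"
```

On a real server the call would be `scan_docroots /home`; the output is one finding per line, suitable for piping into a mail command from cron.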
- Moderator
Re: LFD Detection for Symlinks & Base64
This type of functionality is provided by our cxs product and isn't going to be added to csf.