LFD Detection for Symlinks & Base64
Posted: 18 Sep 2013, 03:40
UPDATED...
Principle of operations is the same as detecting mailer scripts or change in binary files. The script would notify you when files with base64 are uploaded and needed for inspection or when symlinks are created within the /home directory. It is meant to help administrators quickly find websites that are vulnerable because of the changes that need a closer look.
If able, it would be cool if the email notice could also include the IP addresses from log entries that match the HTTP request of where the symlink was called from and execute upon them if a threshold is met much like the feature that is tied to the bluehost patch (I used Rack911's). Here is the command to find all symlinks in the /home directory: find /home*/*/public_html -type l
V/R,
Frank
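One way to implement the check requested above, as an added example that is not the poster's code and not part of LFD. It builds on the post's find command but goes one step further: it reports only symlinks that resolve outside the owning account's home, lists PHP files that call base64_decode(), and prints only findings that were absent on the previous run. The ROOT/<user>/public_html layout, GNU find/grep/readlink, the function names and the state directory are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Assumes ROOT/<user>/public_html layout and GNU find, grep, readlink.
LC_ALL=C; export LC_ALL   # keep sort and comm ordering consistent

# Symlinks whose resolved target falls outside the owning account's home.
scan_symlinks() {   # $1 = directory holding the account homes, e.g. /home
    find "$1"/*/public_html -type l 2>/dev/null | while IFS= read -r link; do
        rest=${link#"$1"/}
        home=$(readlink -f -- "$1/${rest%%/*}")
        target=$(readlink -f -- "$link" 2>/dev/null) || target="(unresolvable)"
        case "$target" in
            "$home"/*) ;;   # points inside the same account: ignore
            *) printf '%s -> %s\n' "$link" "$target" ;;
        esac
    done | sort
}

# PHP files that call base64_decode(), listed for manual inspection.
scan_base64() {   # $1 = directory holding the account homes
    grep -rlE --include='*.php' 'base64_decode[[:space:]]*\(' \
        "$1"/*/public_html 2>/dev/null | sort
}

# Print findings on stdin that are missing from the baseline, then update it.
report_new() {   # $1 = baseline file
    cur=$(mktemp)
    sort -u > "$cur"
    [ -f "$1" ] || : > "$1"
    comm -13 "$1" "$cur"
    mv "$cur" "$1"
}

# Usage: sh symlink-watch.sh --scan [STATE_DIR]   (hypothetical names)
if [ "${1:-}" = "--scan" ]; then
    state=${2:-/var/lib/symlink-watch}
    mkdir -p "$state"
    for root in /home*; do
        scan_symlinks "$root"
        scan_base64 "$root"
    done | report_new "$state/baseline"
fi
```

Run from cron with --scan, the output is empty unless something new appeared, so it can be piped straight into a mail command to produce the notice.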