Web host file scanner

[hexbase]

I've developed an small script to check user files for certain strings, to check if they store scam.
It reads plain files and check if their content matches any signature you want, stored as a regex string in xml files.
Files must match some extension, by default, only .php, .html, .htm and .pl files are processed.
Every file that matches a signature is logged on a file of your choice.

For now, it only has signatures for paypal and facebook and some php shells, but more will be added on next releases, as final users submit files to be added.
It's in alpha stage so any suggestions are welcome. In fact, any help is welcome. You are free to join the project as developer.

The project site is sourceforge.net/projects/wh-fs/

Give it a try. I hope you find it useful.

 

[bobjc]

Wow, I must try it out. It makes our life easier! Thanks!!!

 

[WL-Michael]

Looks pretty interesting, I'm always up for trying new scripts and such. I've written several of them myself as well.

 

[financing]

For you guys who manage a web host, I've created an script to check for scam/malicious files.
You can define your own rules, so, for example, you can check for proxy or torrent scripts.
The default rules look for paypal, facebook scams and for some common unobfuscated shells.
It's opensource.

Read more in the website -> wh-fs.sourceforge.net

Give it a try. I hope you like it.

 

[financing]

If you talk about those web app hardening services they provide, they are completely different.
This script works by statically scanning files, for certain signatures, so it doesn't secure your app, it just protects the server from malicious files.

 

[financing]

It reads plain files and check if their content matches any signature you want, stored as a regex string in xml files.
Files must match some extension, by default, only .php, .html, .htm and .pl files are processed.
Every file that matches is logged on a file of your choice