Check out CXS... ConfigServer eXploit Scanner (cxs)... This will scan for scripts (regardless of the name of the script) that have code that accesses the /etc/passwd file... You can set the scanner to remove and quarantine those scripts...
Also, there are mod_security rules you could add to prevent execution of the scripts...
https://www.atomicorp.com/products/modsecurity.html
Also, there are mod_security rules you could add to prevent execution of the scripts...
https://www.atomicorp.com/products/modsecurity.html
Yes, you could code something yourself 
Be fair, people deserve payment for coding decent scripts and I'd highly recommend CXS
Be fair, people deserve payment for coding decent scripts and I'd highly recommend CXS
You can install mod_security with delayed rules on your server to protect your /etc/passwd file
http://updates.atomicorp.com/channels/rules/delayed/
Atomic ModSecurity Rules - Atomicorp Wiki
http://updates.atomicorp.com/channels/rules/delayed/
Atomic ModSecurity Rules - Atomicorp Wiki
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| G | How do you block .ir etc from sending emails on my server? | Security | 1 | |
| M | Permits in file /etc/rc.d/rc.local | Security | 7 | |
| M | Cant get lsphp command whitelisting in /etc/csf/csf.pignore to work | Security | 6 | |
| D | mod_security && c99shell anyone help please ? | Security | 6 | |
| D | C99shell exploit | Security | 5 |