Check out CXS... ConfigServer eXploit Scanner (cxs)... This will scan for scripts (regardless of the name of the script) that have code that accesses the /etc/passwd file... You can set the scanner to remove and quarantine those scripts...
Also, there are mod_security rules you could add to prevent execution of the scripts...
https://www.atomicorp.com/products/modsecurity.html
Also, there are mod_security rules you could add to prevent execution of the scripts...
https://www.atomicorp.com/products/modsecurity.html
Yes, you could code something yourself 
Be fair, people deserve payment for coding decent scripts and I'd highly recommend CXS
Be fair, people deserve payment for coding decent scripts and I'd highly recommend CXS
You can install mod_security with delayed rules on your server to protect your /etc/passwd file
http://updates.atomicorp.com/channels/rules/delayed/
Atomic ModSecurity Rules - Atomicorp Wiki
http://updates.atomicorp.com/channels/rules/delayed/
Atomic ModSecurity Rules - Atomicorp Wiki
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
|
SOLVED Correct GID for nobody in /etc/sysctl.conf CL8 | Security | 3 | |
| B | The system cannot install the fetched certificate (EXPIRES_SOON). | Security | 3 | |
| M | AutoSSL fail for cPanel virtual domains (webmail, webdisk etc.) | Security | 3 | |
| D | mod_security && c99shell anyone help please ? | Security | 6 | |
| D | C99shell exploit | Security | 5 |