Insecure phpBB scripts wreak havoc on the servers I administer, allowing users to upload malicious scripts and in general cause trouble. I am currently working to implement a solution for keeping all phpBB installations on a webserver up to date, in order to prevent attacks. I have written a Python script that finds all old viewtopic.php scripts so far. More will come soon.

I just wanted to post my progress here for two reasons:

1) Share something that might be useful to others
2) Find out if I'm reinventing the wheel

I intend to find a way to automatically update each script encountered that is old using the patch method; however, some installations are almost certainly further back than 1 version.

Any comments, suggestions, whatever are appreciated.

Code:

```python
# phpBBscan.py: looks for old phpBB installations
# author: firstname.lastname@example.org
# this is public domain - do whatever you want with it

import os
import pwd
import subprocess

# 2.0.15
latest_phpbb = r"Id.*1\.186\.2\.41"
# 2.0.14
# latest_phpbb = r"Id.*1\.186\.2\.40"

# get the list of viewtopic.phps (started before privileges are dropped)
filenames = os.popen("slocate viewtopic.php")

# look up the uid and gid of the "nobody" account
nobody = pwd.getpwnam("nobody")
os.setgroups([])          # drop root's supplementary groups
os.setgid(nobody.pw_gid)  # need to be nobody group too (must come before setuid)
os.setuid(nobody.pw_uid)  # we are now nobody

for filename in filenames:
    filename = filename.rstrip("\n")  # remove newline from filename
    parentdir = os.path.dirname(filename)
    print("Found possible phpBB install at",
          repr(filename) + ", checking if accessible...", end=" ")
    if not os.access(parentdir, os.X_OK):
        # we can't get to the parent directory
        print("parent directory not accessible.")
    elif not os.access(filename, os.R_OK):
        print("file not accessible.")
    else:
        print("accessible; checking for latest version...", end=" ")
        # arguments go in a list so the filename is never parsed by a shell
        found = subprocess.run(["grep", "-e", latest_phpbb, "--", filename],
                               capture_output=True)
        if not found.stdout:
            # we didn't find the correct version
            print("INSECURE!")
        else:
            print("latest version")
```
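On the point that some installations are more than one version behind: the following is an added example, not part of the original post, that reads the CVS revision out of viewtopic.php and reports how far it trails the latest one instead of a plain match/no-match. It assumes the header carries an expanded keyword of the form `$Id: viewtopic.php,v <revision> ...`; the function names and the sample headers are constructed for illustration, and only the two revision numbers come from the post.

```python
import re

# Revision -> release pairs taken from the post; other releases are not listed there.
KNOWN_REVISIONS = {(1, 186, 2, 41): "2.0.15", (1, 186, 2, 40): "2.0.14"}
LATEST = (1, 186, 2, 41)

# Assumed keyword layout: "$Id: viewtopic.php,v 1.186.2.41 <date> <user> Exp $"
ID_RE = re.compile(rb"\$Id: viewtopic\.php,v (\d+(?:\.\d+)+) ")

def extract_revision(data):
    """Return the CVS revision found in `data` (bytes) as a tuple of ints, or None."""
    m = ID_RE.search(data)
    if m is None:
        return None
    return tuple(int(part) for part in m.group(1).split(b"."))

def classify(data, latest=LATEST):
    """Return (status, detail) for the contents of one viewtopic.php."""
    rev = extract_revision(data)
    if rev is None:
        return ("unknown", "no $Id$ keyword found; inspect by hand")
    text = ".".join(map(str, rev))
    label = KNOWN_REVISIONS.get(rev, "unlisted release")
    if rev == latest:
        return ("current", "%s (%s)" % (text, label))
    same_branch = len(rev) == len(latest) and rev[:-1] == latest[:-1]
    if same_branch and rev[-1] < latest[-1]:
        behind = latest[-1] - rev[-1]
        return ("outdated", "%s (%s), %d revision(s) behind" % (text, label, behind))
    # Newer than expected or on another CVS branch: do not guess.
    return ("review", "%s is not an ancestor of the expected revision" % text)

def classify_file(path):
    """Classify a file on disk; the keyword sits in the header, so 4 KiB is enough."""
    with open(path, "rb") as handle:
        return classify(handle.read(4096))

# Constructed sample headers (dates and user names are made up).
SAMPLE_CURRENT = b" *   $Id: viewtopic.php,v 1.186.2.41 2005/01/01 00:00:00 example Exp $\n"
SAMPLE_OLD = b" *   $Id: viewtopic.php,v 1.186.2.38 2004/01/01 00:00:00 example Exp $\n"
SAMPLE_STRIPPED = b"<?php\n// header removed by the site owner\n"

if __name__ == "__main__":
    for name, blob in (("current", SAMPLE_CURRENT), ("old", SAMPLE_OLD),
                       ("stripped", SAMPLE_STRIPPED)):
        print(name, classify(blob))
```

The count is in revisions of viewtopic.php, not in phpBB releases, and a file that was patched by hand keeps its old `$Id`, so an "outdated" result still needs a look before patching.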