The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Script to detect vulnerabilities in popular CMS?

Discussion in 'Security' started by osiem, Sep 15, 2013.

  1. osiem

    osiem Registered

    Joined:
    Sep 14, 2013
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello,

    Does anybody known script which scan websites on server and detect vulnerabilities in popular CMS look like Joomla, Wordpress, Drupal etc and send e-mail notification to administrator / user about detected issues?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Typically, administrators will look for scripts that are outdated and recommend their clients to upgrade to the latest versions of those scripts. I am not aware of any third-party applications that will do this automatically.

    Thank you.
     
  3. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    I know of paid services, but not a free script.

    I've previously used the company 6scan, who would e-mail me whenever one of my web apps had a new vulnerability. Mods, If giving them a plug here is not allowed please edit my post and remove this.
     
  4. lbeachmike

    lbeachmike Well-Known Member

    Joined:
    Dec 27, 2001
    Messages:
    313
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Long Beach, NY
    cPanel Access Level:
    Root Administrator
    Hi there -

    I came across this -

    Penetration Testing with the Joomla Security Scanner

    It looks interesting, but I've not had the chance to figure it out and give a try yet. If you do, please post about it.

    It seems to work in conjunction with this -

    BackTrack Linux - Penetration Testing Distribution

    If you find any other solutions, please let us know. I've come across some very high-quality Wordpress security plug-ins, but nothing yet at the server level.

    Thanks.

    Mike
     
  5. MesinHosting

    MesinHosting Member

    Joined:
    Mar 25, 2011
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    using clamav default from cpanel installation i think it's quite good
     
  6. lbeachmike

    lbeachmike Well-Known Member

    Joined:
    Dec 27, 2001
    Messages:
    313
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Long Beach, NY
    cPanel Access Level:
    Root Administrator
    Not with the stock virus sigs it's not. It's actually pretty horrible. I had an account with about 20-30 shells and various malware uploaded and it didn't detect a single one.

    On the other hand, when I uploaded the Wordpress Plug-in "Wordfence" to that same account, it detected all of these.

    They were really basic too - .gif files with malware code, and .htaccess malware. Clam should have easily detected those. Clearly the Clam signatures leave a lot to be desired.

    I've been looking at Scamp to get third party signatures added, but haven't had to time to try it yet.

    mrk
     
Loading...

Share This Page