rumpranger / EarlyWarningExploitChecker

Early warning exploit checker used to detect possible exploits being distributed by websites.

Early Warning Exploit Checker

Script used to detect possible exploits being distributed by websites. Simple regular expressions are used to flag potential problems in the collected data. These are greedy and produce many false positives, which can be white listed on a case-by-case basis. This script does not give a definitive result as to whether the site is exploited; however, it can give a good hint.

Background

We host several thousand websites spread across the globe on dozens of shared and dedicated hosting accounts. These accounts are managed via plain unsecured FTP with passwords that are not only weak but shared by multiple users. Occasionally our accounts become compromised and code is injected into the served pages, generally causing visitors to download malware.

Download

  1. Clone the GitHub repo: https://github.com/rumpranger/EarlyWarningExploitChecker.git
  2. Download the zip from my GitHub: https://github.com/rumpranger/EarlyWarningExploitChecker

Quick start

  • Refer to example.php
  • Make sure that cookies.txt is writable by the web/CLI user
  • Create a new PageRequest with the URL you wish to test
  • Create a new ExploitChecker, passing the above PageRequest as an argument
  • Run the script from the command line or open it up in a browser

White Listing

  1. domains: add the domain you wish to white list to the ExploitChecker::_whitelist array.
  2. error checks: add a comma-separated list of error codes to skip (see example.php)
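
The approach described above (greedy regular expressions, a domain white list, and a comma-separated list of check codes to skip), as an added sketch that is not the project's own code. The function names, the check codes `E100`–`E300`, the patterns and the sample HTML are assumptions constructed for illustration; see example.php for the real `PageRequest` / `ExploitChecker` usage.

```php
<?php
// Added illustration, not the project's code; names, codes and patterns are hypothetical.
// Each check is deliberately greedy, so false positives are expected.
const CHECKS = [
    'E100' => ['tiny iframe', '/<iframe[^>]*(?:width|height)\s*=\s*["\']?[01]\b[^>]*>/i'],
    'E200' => ['eval of decoded data', '/eval\s*\(\s*(?:unescape|atob)\s*\(/i'],
    'E300' => ['external script', '/<script[^>]+src\s*=\s*["\']?(?:https?:)?\/\/([^\/"\'\s>]+)/i'],
];

// True when $host equals a white-listed domain or is a subdomain of one.
// The leading dot stops "evilexample.net" from matching "example.net".
function isAllowedHost(string $host, array $allowed): bool
{
    foreach ($allowed as $domain) {
        if ($host === $domain || substr($host, -strlen($domain) - 1) === '.' . $domain) {
            return true;
        }
    }
    return false;
}

function scanPage(string $html, string $pageHost, array $whitelist, string $skipCodes = ''): array
{
    $skip = array_filter(array_map('trim', explode(',', $skipCodes)));
    // Assumption: the page's own host is always treated as white-listed.
    $allowed = array_map('strtolower', array_merge($whitelist, [$pageHost]));
    $findings = [];
    foreach (CHECKS as $code => [$label, $regex]) {
        if (in_array($code, $skip, true)) continue; // disabled via the skip list
        preg_match_all($regex, $html, $matches, PREG_SET_ORDER);
        foreach ($matches as $m) {
            // Checks that capture a host ignore hits on white-listed domains.
            if (isset($m[1]) && isAllowedHost(strtolower($m[1]), $allowed)) continue;
            $findings[] = ['code' => $code, 'label' => $label, 'match' => substr($m[0], 0, 80)];
        }
    }
    return $findings;
}

// Constructed sample page: one white-listed script, one unknown script, one 1px iframe.
$html = <<<'HTML'
<script src="https://cdn.example.net/lib.js"></script>
<script src="//stats.unknown-host.example/c.js"></script>
<iframe src="http://unknown-host.example/in.php" width="1" height="1"></iframe>
HTML;

foreach (scanPage($html, 'www.example.com', ['example.net'], 'E200') as $f) {
    printf("[%s] %s: %s\n", $f['code'], $f['label'], $f['match']);
}
```

Matching the white list on a dot-anchored suffix rather than a substring keeps a look-alike host from inheriting a trusted domain's exemption.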

Contributing

Anyone and everyone is welcome to contribute.
