Note: This application runs standalone and does not require a CMS Builder installation to be used.
When your client's website gets hacked, it doesn't matter whether it's through an unpatched blog application their former developer left on the server, or a vulnerable formmail script that came with the hosting package, they'll be looking to you to solve the problem.
Exploit Scanner makes it easy to quickly detect hacks and identify modified files. With over 40 patterns it can recognize known malware as well as use heuristics to find malicious code patterns.
Website hacks are becoming more and more common and almost all website hacks these days are automated. Rather than sitting in front of a computer, hackers* use automatic scripts to scan thousands of websites an hour for known security vulnerabilities and weaknesses. These are usually found in old versions of popular web scripts such as: WordPress, email forms, image galleries, etc.
Once a hacker gains access to a vulnerable server or web hosting account, they can then use it to send spam email, redirect traffic to other websites, host malware, or even use the server to try and compromise or attack other servers.
Even if the changes are minimal or undetected, they can have a devastating effect on a website's traffic, revenue, and reputation. Possible repercussions include:
- losing traffic (search engines and anti-virus programs may block website)
- getting temporarily banned by Google for hosting malware
- getting banned by email gateways for sending spam
- losing customers if website visitors see malware warnings, viagra links,
- reduce search engine ranking or complete removal from search engines
- slow website performance (if server resources are being redirected by hackers)
- exceeded quotas and overage fees for bandwidth and CPU time
Exploit Scanner runs from the web or the command-line and gives you a powerful arsenal of tools to detect hacked files. Just upload the xs.php script to your website root and run it through your browser for an instant report. Or for more advanced users, login from the command line to scan multiple websites at a time, generate scan logs, detect recently modified files, or show warnings for suspect files.
*Note: For the purposes of this document we use the term "hacker" to refer to a malicious user who is intent on gaining illegal access to a computer system or network by bypassing or breaking the security system. The term can also be used in a positive context to refer to hobbyists or the programmer subculture that includes the pioneers of the internet. For more information see: http://en.wikipedia.org/wiki/Hacker_definition_controversy#Hacker_definition_controversy