Hi all!

I'm a sys admin for an ISP and one of my tasks is to look after our web hosting platform.

Looking through the data partition shows up all kinds of old, vulnerable software (like old phpbb, joomla etc..)

What I'd like to do is create an MD5 checksum database of all these kinds of files (download old, know vulnerable versions of polular software and md5 sum the files contained within). To create a kind of rkhunter, chkrootkit analogous program, but for web applications.

Once a set number of criteria are hit, a mail could be sent to the customer notifying them of their old software.

Are there any similar projects out there?
Do you think this would be worthwhile?

Cheers for your time

I don't think you'll have much luck with that. Tehre are many addons for PHPBB and only a small change is required divert from your "secure" hash to an "unsecure" one. While the intention is good I think you might generate too many wrong positives.

What I'd like to do is create an MD5 checksum database of all these kinds of files (download old, know vulnerable versions of polular software and md5 sum the files contained within). To create a kind of rkhunter, chkrootkit analogous program, but for web applications.


OWASP has a bit on Web Application Fingerprinting (http://www.owasp.org/index.php/Testing_for_Web_Application_Fingerprint), which sounds like what you're after. Since you admin the machines in question, it's perfectly reasonable to want to keep a close eye on the 50 billion versions of phpbb that may be running on your machine, and use your special disk-reading powers to do that (rather than rely on the black box testing favored by OWASP).

I do wonder if md5s are going to be too strict for that, though; you might want to come up with some looser criteria (like simple version strings in predictable locations).