Opened 10 years ago

Last modified 10 years ago

#213 new enhancement

Search users' web_scripts for known vulnerabilities

Reported by: adehnert Owned by:
Priority: normal Milestone:
Component: web Keywords:
Cc:

Description

We should occasionally scan our users' web_scripts for known vulnerabilities, web shells, backdoors, and the like. Then we could proactively contact users before things became issues.

Change History (2)

comment:1 Changed 10 years ago by adehnert

See also #214.

comment:2 Changed 10 years ago by jdreed

I have poor interactive connectivity at the moment, so perhaps this has been discussed over zephyr, however I'd recommend some sort of communication to the effect that you're going to begin doing this. I'd also recommend picking a From: address and maybe Subject: prefix ahead of time and informing the users of these, to avoid the problems net-security usually encounters, which are along the lines of "I didn't understand the e-mail or recognize the sender, so I ignored it and/or blacklisted the address and/or changed my Kerberos password and assumed everything was fine".

Note: See TracTickets for help on using tickets.