Opened 13 years ago
Last modified 13 years ago
#213 new enhancement
Search users' web_scripts for known vulnerabilities
| Reported by: | adehnert | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | web | Keywords: | |
| Cc: |
Description
We should occasionally scan our users' web_scripts for known vulnerabilities, web shells, backdoors, and the like. Then we could proactively contact users before things became issues.
Change History (2)
comment:1 Changed 13 years ago by adehnert
comment:2 Changed 13 years ago by jdreed
I have poor interactive connectivity at the moment, so perhaps this has been discussed over zephyr, however I'd recommend some sort of communication to the effect that you're going to begin doing this. I'd also recommend picking a From: address and maybe Subject: prefix ahead of time and informing the users of these, to avoid the problems net-security usually encounters, which are along the lines of "I didn't understand the e-mail or recognize the sender, so I ignored it and/or blacklisted the address and/or changed my Kerberos password and assumed everything was fine".
See also #214.