Hey,

Just wanted to post a notice about a new tool for web hosts known as OldScriptFinder. It tracks all scripts installed on your server and their versions. Allowing you an automated way to notify clients about outdated and insecure scripts they may have installed. It currently can track something like 100 popular scripts (no matter if they were installed manually or with Fantastico ) and more scripts are being added to the database all the time. It has a regular update system so it will always know when a new version or security update is released for all of the scripts it tracks. Oldscriptfinder also has a plug-in to work easily from within cpanel/WHM.

The website hosting company I work for has been using it successfully for over a month now (it's extremely helpful with both command line options and a control panel with in WHM). I know the guy who wrote the script but I have no financial involvement in his company/business but I figured hosts out there would want to know about it since insecure scripts can be a major headache for hosting companies and their staff. Finally there is an easy way to track them down and keep your clients accountable for the things they install.

Thanks!

This looks fairly new, google only pulled up a few finds on "OldScriptFinder".

Interesting enough, would help keep your staff from working on people's scripts only to find out it's outdated.

any url for the script ?

I can't post a URL yet. I used to have an account with WHT that I used for a couple years but it's long gone now (I don't have the email or the username/password anymore). If you search oldscriptfinder in google it should come up in the first results.

Somebody should make something to check OS modules too. I find these are a lot harder to keep track of, than scripts. (Like firewalls, kernal stuff [stuff I know little-to-nothing about!])

I searched "oldscriptfinder", but only this topic and something from some hosting site that uses it, came up.

I found this:

www.oldscriptfinder.com (http://www.oldscriptfinder.com)

Pretty sure that's what he was referring too, but if not then please correct me.

I ended up on that site too, long after I posted though :)
Looks interesting.. but I'm more interested in an OS version.

Any chance your friend will develop one, GuySmiley? I'd be willing to pay $100+ for it.

Wow, this is great. Save a heck of a lot of work. Thanks for posting about it!

Very handy, good work.

Interesting little tool. How often does it update ? ie. to keep track of new versions of scripts etc?

Hey guys - I'm the author of Old Script Finder. I was just scanning through my access logs and found this. :) Thanks for the post, GuySmiley.

The link posted by AH-Sal is indeed the correct one - www.oldscriptfinder.com . Old Script Finder is absolutely brand spanking new, hence not even being in google yet. Hopefully that'll change soon.

Somebody should make something to check OS modules too. I find these are a lot harder to keep track of, than scripts. (Like firewalls, kernal stuff [stuff I know little-to-nothing about!])

That's a very interesting idea. Thanks for that, if I can perhaps nab it. Technically, Old Script Finder could actually scan for pretty much anything already - it's just that the fingerprints are all for perl/php scripts.

Interesting little tool. How often does it update ? ie. to keep track of new versions of scripts etc?

Unless you specifically set the option not to check for updates, the Old Script Finder binary will check our server for updates every time it runs. And in turn, our server is updated several times per day, so if a new version is released, it's not very long before it'll know about it - usually a maximum of a few hours after the release.

I'm not exactly sure of the rules in this forum (the login page told me I hadn't logged in since 2006, oh dear), so I don't know if this is now counted as spam (:)), but if anyone has any questions at all, feel free to ask. Old Script Finder is a great tool to include free with VPS/dedicated servers too - the web site gives you discounts for buying a block of licences.

I will be asking our technical team to look into it further, however the license pricing all seems to be monthly.

With the number of servers we have the cost would be rather high!

Anyone knows if it's still supported? Users on my forum are complaining about not getting any replies anymore from support. It looks like if the script has been abandoned. Too bad I think...

I emailed him a month or so ago about purchasing the script, and haven't gotten any response whatsoever.

Ouch, about 10 minutes ago I ordered a 10-server license, I hope it is still supported!

Doesn't appear to work on Debian (either on 32bit or 64bit on a OpenVZ VPS).

*shrug*