Web Hosting Talk : Web Hosting Main Forums : Hosting Software and Control Panels : Scan for illegal files?

[blacknight]

Is there anything out there to scan a server for illegal files?
Eg. particular scripts, executables or mp3s (ie. stuff that could potentially break your AUP)

[Gyrbo]

find /home -name *.zip
find /home -name *.exe
find /home -name *.rar
find /home -name *.?z
find /home -name *.mp3
find /home -name *.mp*g
find /home -name *.avi

Put that in a file and run it each day, and let it mail the results to you.

[blacknight]

Simple, but probably very effective...

[mikeknoxv]

Pirates are renaming mp3 files and such to commonly found files (such as .txt, .bmp, .gif, etc.). I take it there's no way to scan for these files?

[blacknight]

Maybe if you scanned for *.txt/*.gif etc., files over a MB ???
It's highly unlikely that anybody would have a legitimate reason to store a 2 or 3 meg *.txt

Another obvious one would be the bandwidth usage...

When I originally asked the question I was thinking more along the lines of scripts that could either be used maliciously, or that would put a server under a lot of strain eg UBB

[Skeptical]

Not that simple. Crooks will rename their files to something innocuous like *.txt. They'll cut up the files into small chunks. It's a cat and mouse game... and some of them have enough experience to know how to get around you.

[Webdude]

I am actually building such a thing at http://warezchasers.com . It's on hold for now since I am unwilling to fund it for further development out of my own pocket, maybe later, or if I get funding some other way. For now, it works great on our free hosting....it's just not developed enough for public distribution.

[dreamrae.com]

Lol, make a program that scans during the night hours, maybe once every week. Checks the headers of files to see what kind they are.. But that would make a high load avg... Oh well...

[Skeptical]

Webdude, I'd like to test out your warezchasers thing. I went over to your site but couldn't find any download/documentation links. Can I test it out?

[astraler2k]

find / -size +1024k -print

This command can find over 1024K.

You can change 1024k

[Webdude]

Quote:

Originally posted by Skeptical
Webdude, I'd like to test out your warezchasers thing. I went over to your site but couldn't find any download/documentation links. Can I test it out?

It's not available yet. I havent made any kind of install or documentation. It's also still being developed, but I havent put much time into a realable version due to that.

[blacknight]

Please keep us informed. Is it going to be GPL or commercial?

[donsimon]

Actually we do this already ourselves with ncftp. As a file is uploaded we check to see if a file is in our acceptable mime types and is not above our maximum file size. If it meets all of those criteria, we then add it to a text file. Once an hour a script comes by and checks all files in the tex file. It verifies that each file is the correct mime type. For example, if it's supposed to be a jpg, we look at the header and make sure it's a jpeg.

But the webmasters have gotten smarter, I've seen 3 meg jpg's when viewed have a 20x20 picture. So you can also get the heigth and width of the file, and the total bytes. Then a little math:

4877 bytes/(113 x120) = .35966...

If your number is less than 1, it's a valid jpg or gif.
If it's greater than one, time to do a little investigations.

With a little time and math, anything is possible.

Donny

[Webdude]

and they are also doing it with mp3, midi, wav, etc. All of which our WarezHunter properly detects and deletes. We hope to have it doing several hundred file types.

[donsimon]

The other option is to charge people by the amount of bandwidth they use. If somebody puts some warez or movies up and it gets listed somewhere it will be pushing 2-3mb/s easily. If they go over their limit shut them down. Problem solved.