#3763 - Detect insecure scripts or downloads under webroot or base directory

Identifier	#3763
Issue type	Feature request or suggestion
Title	Detect insecure scripts or downloads under webroot or base directory
Status	Completed
Tags	Type: Security (custom)
Handling member	Chris Graham
Addon	health_check
Description	Search for any files or directories matching these regexp patterns... #^phpinfo\.php$#i (PHP Info scripts should not be permanently left around, and if it's useful to keep you can do it from inside Composr or on the command line) #^bigdump\.php$#i (bigdump is useful for SQL imports, but should not be left around) #^phpmyadmin$#i (phpMyAdmin can be a huge security risk - although maybe we should scan it to see if it is secured with a login form or not) #back.*\.(tar\|gz\|zip)$#i (backups that people should not be able to download) #\.(sql)$#i ("")
Steps to reproduce
Funded?	No

The system will post a comment when this issue is modified (e.g., status changes). To be notified of this, click "Enable comment notifications".

Unrated

Comments

By Guest posted 20th Jan 2019, 12:43 PM

Probably this should be split out into separate tests: phpMyAdmin, bigdump, phpinfo, backups.