# Nobody Check # Copyright 2006 Wave Point Media Inc. All Rights Reserved. # Made available by WebHostGear.com (http://www.webhostgear.com/353.html) # Nobody Check Read Me ========================================= NOTE: see the changelog.txt for new changes in 1.03 The Nobody Check tool is a new and unique security tool that can detect malicious processes that are running on your Linux server and report them to you in real time or by email. The tool can be configured to run at selected times and doesnt eat up resources or interfere with server operations. # How does it work? This shell script checks all the processes owned by the nobody user. If you have configured your web server to use a different user then you will need to contact me so we can customize this for you. By default all cPanel installations run Apache under the nobody user. It will take a sample of all the current running processes and rule match them. Anything not matching the rules is a malicious program. # What rules have you tested it with? We have rules made available for: - Urchin stats - ChiliSoft ASP - Apache web server - Melange - Entropychat - ProFTPD FTP Server - Much more! If you find a false positive then please let us know the application that is running so we can add to this great tool so others wont later run into the same problem. Email us with any ones you find. # Does it really help? Yes it does. Its not as powerful as something like mod_security (which we highly recommend) but its still a very worthy tool to have installed, takes no resources or maintenance and only complains when it finds a problem. We have all to often seen shell bots and malicious scripts running for hundreds of hours without a flintch because no one noticed them. # Do you support anything other than cPanel? Yes, it supports Plesk and DirectAdmin as well as cPanel # I love the script, how can I help? Im glad to hear you're enjoying it. Please email us and let us know feedback is important! info@webhostgear.com Thanks for using Nobody Check by WebHostGear.com