Since I’ve seen so many customers getting their accounts hacked I figured I’d post the tools I have to try to deal with these types of issues.
One of them can be found here, (I removed the link because the guy removed the wiki from his site.) it was written by one of my co-workers. (His scripts should only work on Linux/Unix based OS’s, sorry no Windows support.) Basically he wrote a script that checks for some easy to discover vulnerabilities such as having register_globals enabled or world writable files among other things. He also wrote a script to fix those issues, one to tell you if any changes have occurred since the last time the script was run, & he converted my FrontPage clean up script for SSH.
I also made it so that the security scanner he wrote can work in PHP. (Once again this is only for Linux/Unix servers.) You can get it here.