Checking your Web Server for vulnerabilities

InternetPeriscope can check your Web server for vulnerable scripts which hacker's could use to compromise your web site.

When you install a webserver (e.g. IIS, Apache, etc.) on your Internet Host, many files will be copied to your host, including a number of programs and scripts.

Hacker's like to investigate the many files that are installed by default when you install a Web Server or other Web-enabling (e.g. Shopping Cart) software.

Often, they are able to find vulnerabilities in these scripts and programs that enable them to exploit your web server.

There are many lists of such potential vulnerabilities on hacker sites, as well as programs to test for them.

InternetPeriscope enables you to test for many of these scripts and programs, enabling you to remove or patch any vulnerable scripts or programs that may be on your Web server.

Click on the Tools menu, move your mouse over the "Check for Vulnerabilities" menu item, and click on "Check Web Server...", as shown in the figure.
Check for Vulnerabilities menu item

Enter the domain name of the Web server you wish to check for vulnerable scripts. In the example below, the user enters "", and clicks on the OK button.

After a few moments, the "Results of Web Server Vulnerability Test" dialog appears.

At the top of the dialog box is a listbox that shows the vulnerabilities that were tested. Note that hackers are finding new vulnerabilities every day, and that this list should by no means be considered exhaustive.

Underneath that list, is a list of the vulnerabilities that were found. In this case, InternetPeriscope found that there is a file called "test-cgi" on the server. "test-cgi" is known to be a target of hackers. This script should probably be removed, or at least the version should be checked to see if any vulnerability have been fixed. It would also be a good idea to use go to one's favorite Web Search engine, and search for the words "test-cgi hack", for more information.

Very Important: If your web server hosts more than one website, it is important that you test all of the websites separately for vulnerabilities. For example, if your web server hosts two websites, one called, and another called, then it would be important to test each of these sites separately for web script vulnerabilities.

Problems, Comments, Suggestions? Click here to contact Greg Thatcher

Please read my Disclaimer

Copyright (c) 2013 Thatcher Development Software, LLC. All rights reserved. No claim to original U.S. Gov't works.