md3v
May 17 2004, 03:11 AM
Does anyone know of a script I can run via the shell which will search for various well-known rogue scripts which could be used for spamming and/or are known to be insecure?
This may be a lot to ask but I suspect someone else has already had a similar need...
Thanks.
Squire
May 17 2004, 05:42 AM
I don't have a pre-packaged script that will do that md3v, however there is a little one-line thing I use from time to time.
[php]
for i in * ; do grep -r phrase.* "${i}/httpdocs" ; done
[/php]
To use it, just CD to /home/httpd/vhosts and run the above from the command line. Change the phrase bit to look for a word, string of text or phrase that is in the script you're looking for. If there are no spaces in the phrase you're searching for, you won't need any quotes. If there are spaces, surround your phrase in quotes.
You can also change the /httpdocs to look in a different place of course.
Here are a couple of real world examples:
If you want to look in the log files to find a file that was accessed at a specific moment in time you can use the following. Note that there are no quotes since there is no space in the phrase.
[php]
for i in * ; do grep -r 22/May/2004:08:32:46.* "${i}/statistics/logs" ; done
[/php]
Or if you want to find every version of the various formmail scripts to look at something like the following. This one requires quotes around the phrase since there is a space in there.
[php]
for i in * ; do grep -r 'X-Mailer: DT_formmail'.* "${i}/httpdocs" ; done
[/php]
Hope that helps.
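
The one-liner above generalized to a whole list of signature strings, as an added example that is not part of the original posts. It assumes the `<vhosts root>/<domain>/httpdocs` layout from the post; the function name `scan_vhosts` and the signature-file format (one literal string per line, `#` for comments) are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Layout assumed from the post:
#   <vhosts root>/<domain>/httpdocs
# The signature file holds one fixed string per line; '#' lines are comments.

# scan_vhosts ROOT SIGFILE [SUBDIR]
# Prints "<domain><TAB><file>" for every file containing any signature.
scan_vhosts() {
    root=$1 sigfile=$2 sub=${3:-httpdocs}
    clean=$(mktemp) || return 1
    # Drop comments and blank lines: an empty pattern would match every line.
    grep -v -e '^[[:space:]]*$' -e '^#' "$sigfile" > "$clean" || true
    if [ ! -s "$clean" ]; then
        rm -f "$clean"
        echo "no signatures in $sigfile" >&2
        return 2
    fi
    for dir in "$root"/*/; do
        [ -d "${dir}${sub}" ] || continue
        domain=$(basename "$dir")
        # -r recurse, -l list file names only, -I skip binary files,
        # -F treat signatures as literal strings, not regexes.
        grep -rlIF -f "$clean" -- "${dir}${sub}" 2>/dev/null |
            while IFS= read -r file; do
                printf '%s\t%s\n' "$domain" "$file"
            done
    done
    rm -f "$clean"
}

# Run only when executed with arguments, e.g.:
#   sh scan.sh /home/httpd/vhosts signatures.txt
if [ "$#" -ge 2 ]; then
    scan_vhosts "$@"
fi
```

Passing a third argument such as `statistics/logs` points the same scan at a different directory under each domain.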