BSW v.1

BSW is a wrapper for /bin/sh with additional logging features. It logs any command executed via /bin/sh by a non-root user. You can use BSW to find the sites on your server that are vulnerable to PHP injection or that have a web-based back door installed.

The example below shows some log file entries generated by the 'id' command
executed by user 'www-data' through a web-based back door written in PHP:

Command: /bin/sh -c id
Current/Working directory: /var/www/virtual_hosts/
User: www-data
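
The following triage script is an added example, not part of BSW: it parses entries in the three-field layout shown above and groups commands run by web server accounts by working directory, which points at the affected site. It assumes each entry starts with a "Command:" line; the account names other than 'www-data' and all sample entries after the first are constructed.

```python
from collections import defaultdict

# Accounts assumed to run web server / PHP processes; only 'www-data' is from the page.
WEB_USERS = {"www-data", "apache", "nginx"}

# Field labels as they appear in the sample entry on the page.
FIELDS = {"Command": "command", "Current/Working directory": "cwd", "User": "user"}


def parse_entries(text):
    """Split a BSW log into dicts; a 'Command:' line is assumed to start each entry."""
    entries, current = [], None
    for line in text.splitlines():
        label, sep, value = line.partition(": ")
        if not sep or label not in FIELDS:
            continue  # blank line or anything that is not a known field
        if label == "Command":
            current = {}
            entries.append(current)
        if current is not None:
            current[FIELDS[label]] = value.strip()
    return entries


def web_shell_activity(entries, web_users=WEB_USERS):
    """Group commands run by web server accounts by the directory they ran in."""
    by_dir = defaultdict(list)
    for e in entries:
        if e.get("user") in web_users:
            by_dir[e.get("cwd", "?")].append(e.get("command", "?"))
    return dict(by_dir)


# Constructed sample: the first entry is the one from the page, the rest are made up.
SAMPLE_LOG = """\
Command: /bin/sh -c id
Current/Working directory: /var/www/virtual_hosts/
User: www-data

Command: /bin/sh -c uname -a
Current/Working directory: /var/www/virtual_hosts/
User: www-data

Command: /bin/sh -c ls
Current/Working directory: /home/alice
User: alice
"""

if __name__ == "__main__":
    for cwd, commands in web_shell_activity(parse_entries(SAMPLE_LOG)).items():
        print(cwd, "->", commands)
```

A shell spawned by a web server account is a lead to review rather than proof of a back door, since PHP applications can legitimately shell out (for example when mail() invokes sendmail).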