Well, you could start by scanning your site with nikto.
Here's mine:
---------------------------------------------------------------------------
- Nikto 1.35/1.35 -
www.cirt.net
+ Target IP: XXX.XXX.XXX.XXX
+ Target Hostname: XXXXXXXXX.com
+ Target Port: 80
+ Start Time: Fri Oct 21 18:53:06 2005
---------------------------------------------------------------------------
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Apache
- Retrieved X-Powered-By header: PHP/4.3.11
+ /robots.txt - contains 13 'disallow' entries which should be manually viewed (added to mutation file lists) (GET).
+ PHP/4.3.11 appears to be outdated (current is at least 5.0.5)
+ /?mod=<script>alert(document.cookie)</script>&op=browse - Sage 1.0b3 is vulnerable to Cross Site Scripting (XSS). CA-2000-02. (GET)
+ /?pattern=/etc/*&sort=name - The TCLHttpd 3.4.2 server allows directory listings via dirlist.tcl. (GET)
+ /help/ - Help directory should not be accessible (GET)
+ /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
+ /index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
+ /index.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
+ /index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
+ /index.php?err=3&email=\"><script>alert(document.cookie)</script> - MySQL Eventum is vulnerable to XSS. OSVDB-12606. (GET)
+ /index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc - EW FileManager for PostNuke allows arbitrary file retrieval. OSVDB-8193. (GET)
+ /index.php?module=My_eGallery - My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection. (GET)
+ /index.php?option=search&searchword=<script>alert(document.cookie);</script> - Mambo Site Server 4.0 build 10 is vulnerable to Cross Site Scripting (XSS). CA-2000-02. (GET)
+ /index.php?top_message=<script>alert(document.cookie)</script> - Led-Forums allows any user to change the welcome message, and it is vulnerable to Cross Site Scripting (XSS). CA-2000-02. (GET)
+ /index.php?vo=\"><script>alert(document.cookie);</script> - Ralusp Sympoll 1.5 is vulnerable to Cross Site Scripting (XSS). CA-2000-02. (GET)
+ /index.php/content/advancedsearch/?SearchText=<script>alert(document.cookie)</script>&PhraseSearchText=<script>alert(document.cookie)</script>&SearchContentClassID=-1&SearchSectionID=-1&SearchDate=-1&SearchButton=Search - eZ publish v3 and prior allow Cross Site Scripting (XSS). CA-2000-02. (GET)
+ /index.php/content/search/?SectionID=3&SearchText=<script>alert(document.cookie)</script> - eZ publish v3 and prior allow Cross Site Scripting (XSS). CA-2000-02. (GET)
+ /administrator/ - This might be interesting... (GET)
+ /includes/ - This might be interesting... (GET)
+ /index.php?base=test%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ /index.php?IDAdmin=test - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ /index.php?pymembs=admin - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ /index.php?SqlQuery=test%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ Over 20 "OK" messages, this may be a by-product of the
+ server answering all requests with a "200 OK" message. You should
+ manually verify your results.
+ /index.php?tampon=test%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ /index.php?topic=<script>alert(document.cookie)</script>%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ Over 20 "OK" messages, this may be a by-product of the
+ server answering all requests with a "200 OK" message. You should
+ manually verify your results.
+ 2664 items checked - 24 item(s) found on remote host(s)
+ End Time: Fri Oct 21 18:59:44 2005 (398 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
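The report above ends with Nikto's own caveat that a server answering every request with "200 OK" makes the path-based hits unreliable. As an added example (not part of the post or of Nikto), the following Python parses report lines in this 1.35 text format, pulls out the advisory ids (OSVDB, CERT CA) that mark signature-backed findings, and tags the remaining heuristic hits for manual verification whenever that catch-all warning is present. The sample report is a constructed excerpt in the same format, with no real host.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed excerpt in the Nikto 1.35 text format shown above (hypothetical host).
SAMPLE_REPORT = """\
+ /robots.txt - contains 13 'disallow' entries which should be manually viewed (GET).
+ /index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
+ /administrator/ - This might be interesting... (GET)
+ /index.php?SqlQuery=test%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ Over 20 "OK" messages, this may be a by-product of the
+ server answering all requests with a "200 OK" message. You should
+ manually verify your results.
"""

# "+ <url> - <description> (<METHOD>)", optionally ending in a period as on the robots.txt line.
FINDING_RE = re.compile(r"^\+ (?P<url>/\S*) - (?P<desc>.*?) \((?P<method>GET|POST|HEAD)\)\.?$")
REF_RE = re.compile(r"\b(OSVDB-\d+|CA-\d{4}-\d{2}|CVE-\d{4}-\d+)\b")
CATCH_ALL = 'answering all requests with a "200 OK"'  # Nikto's own warning text
@dataclass
class Finding:
    method: str
    path: str
    query: str
    description: str
    references: list = field(default_factory=list)  # advisory ids named in the description

@dataclass
class Report:
    findings: list = field(default_factory=list)
    catch_all_suspected: bool = False  # every probe answered 200, so path hits are unreliable

def parse_nikto_report(text: str) -> Report:
    report = Report(catch_all_suspected=CATCH_ALL in text)
    for line in text.splitlines():
        if m := FINDING_RE.match(line):
            u = urlsplit(m["url"])
            report.findings.append(Finding(m["method"], u.path, u.query, m["desc"], REF_RE.findall(m["desc"])))
    return report

def triage(report: Report) -> list:
    # Advisory-backed hits first; heuristic hits need manual verification when the catch-all warning is present.
    rows = []
    for f in report.findings:
        if f.references:
            label = "check-advisory"
        else:
            label = "verify-manually" if report.catch_all_suspected else "review"
        rows.append((label, f.path + ("?" + f.query if f.query else "")))
    return sorted(rows, key=lambda r: r[0] != "check-advisory")
```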