How to avoid malware and viruses for your websites?

Emily Routledge

Active member
Registered
Joined
Aug 13, 2016
Messages
67
Points
8
One of our websites was infected by malware and although it is solved by my team but I would like to know on How to avoid malware and viruses for our websites? what are the best tips? please advise me.
 

racksandcloud

Well-known member
Registered
Joined
May 18, 2017
Messages
89
Points
0
If it is wordpress or any other CMS website, always update it to the latest version of CMS, themes, plugins.

Also, use the complex password for any login credentials to the hosting account/CMS dashboard.

Do not connect the server or hosting account or CMS dashboard from a virus affect computer/local machine.

If you have root access to the server, it should be better to run Maldet Realtime Monitoring.

Do not use nulled wordpress or other CMS themes or plugins, always use recommended themes and plugins.

Make sure file permissions are correct, Only allow execute permission for required files/folder

Make sure unusable ports are closed in the server if you have ssh root access to the server.
 

David Beroff

Well-known member
Registered
Joined
Jun 14, 2016
Messages
1,501
Points
63
David Beroff
I have not used this software. what Maldet will tell you if website has issues?
 

racksandcloud

Well-known member
Registered
Joined
May 18, 2017
Messages
89
Points
0
racksandcloud
Install maldet
======================
cd /usr/local/src/ && wget http://www.rfxn.com/downloads/maldetect-current.tar.gz && tar -xzvf maldetect-current.tar.gz && cd maldetect-* && sh install.sh

This will automatically install a cronjob inside /etc/cron.daily/maldet so a daily scan will be run for local cPanel or Plesk accounts.


update to the latest version and virus signatures
====================================================
maldet -d && maldet -u


Run the scan manually
==========================
To scan a specific directory, run the following command:

maldet -a /home/user


To launch a background scan for all user's public_html and public_ftp in all home directories
=========================

maldet -b --scan-all /home?/?/public_?

(We also recommend you to scan /tmp and /dev/shm/)

Run Maldet monitoring
=======================

maldet -m, –monitor USERS|PATHS|FILE

Run maldet with inotify kernel level file create/modify monitoring
If USERS is specified, monitor user homedirs for UID's > 500
If FILE is specified, paths will be extracted from file, line spaced
If PATHS are specified, must be comma spaced list, NO WILDCARDS!


Verify the scan report
=======================

you should read scan reports before doing a quarantine.

List all scan reports time and SCANID:

maldet --report list


Show a specific report details :

maldet --report SCANID

Show all scan details from log file:

grep "{scan}" /usr/local/maldetect/event_log


Clean the malicious files
===========================

By default the quarantine is disabled and you can enable it in file configuration. You will have to launch it manually.

maldet -q SCANID

More information https://www.rfxn.com/projects/linux-malware-detect/
 

WhiteVM

Member
Registered
Joined
Dec 6, 2016
Messages
18
Points
3
Simple and easy:
1. Use secured scripts, update the version of the software you are using.
2. dont give any access to yours server and files.
3. Scan yours server, use ClamV ;)
4. Use a professional hosting provider :)
5. DO NOT USE UNKNOWN SCRIPTS OR CMSS!
6. IF YOU USE WORDPRESS DO NOT INSTALL UNKNOWN PLUGINS!

its only the start for server and site security, but this advise will do the JOB <3
 

casualhost

Active member
Hosting Provider
Registered
Joined
May 19, 2017
Messages
79
Points
0
Keeping scripts updated + complex passwords is a must.

In addition, Keep daily backups locally so you can revert back if necessary
 
Older Threads
Replies
6
Views
2,877
Replies
3
Views
3,068
Replies
2
Views
2,642
Latest Threads
Replies
0
Views
19
Replies
1
Views
37
Replies
0
Views
226
Replies
1
Views
48
Recommended Threads

Latest Hosting OffersNew Reviews

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top