Need advice to mitigate malware

#1
Hello,

I need some advice on mitigating and removing malware from my server. Mostly I find encoded scripts using base64. But recently it's been really hard to find the files. I'm using cPanel and the ClamAV plugin. I've updated the ClamAV signatures, but the malware is still there. I've tried running a scheduled scan, but it made the server load high. I read that adding an Apache module like mod_clamav will help, but has anyone tried that? Thank you.
 

VirtuBox

Global Mod
Staff Member
#2
Hello,

Here are some useful commands to find infected files:

```bash
# If the hack was recent, check recently modified files (-mtime 0 = changed in the last 24h)
find . -type f -mtime 0

# Some hacks are nice enough to include a comment for where a block starts/ends (e.g. //istart)
find . -type f -name "*.php" -print0 | xargs -0 grep -H "istart"

# Files with hacks normally use base64-encoded data in an attempt to hide code
find . -type f -name "*.php" -print0 | xargs -0 grep -H "base64_decode"

# Eval-ing of code is usually a sign of something naughty (although lots of plugins etc. use this)
find . -type f -name "*.php" -print0 | xargs -0 grep -H "eval("

# Sometimes PHP files are "hidden" inside the JavaScript assets folder
find wp-includes/js -type f -name "*.php"
```
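A cron-friendly version of those checks, added here as an example and not code from the thread or from any tool mentioned in it: it scans a docroot for the same indicators, prints one reason per line, and skips files whose SHA-256 is on an allowlist so that reviewed plugins which legitimately call base64_decode() stop showing up as false positives. The docroot layout and allowlist built by make_demo_docroot are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the thread. Scans a docroot for the indicators
# discussed above and prints "reason<TAB>path". Files whose sha256 is listed
# in an allowlist (one hash per line) are skipped, which keeps reviewed
# plugins that legitimately call base64_decode() out of the cron report.

# Strings that usually mean obfuscated or injected PHP (from the thread plus
# two common unpackers).
INDICATORS='base64_decode|eval\(|gzinflate|str_rot13|istart'

scan_suspicious_php() {
    root="$1"
    allow="${2:-/dev/null}"
    # Note: filenames containing newlines are not handled by this loop.
    find "$root" -type f -name '*.php' | while IFS= read -r f; do
        hash=$(sha256sum "$f" | cut -d' ' -f1)
        if grep -qx "$hash" "$allow" 2>/dev/null; then
            continue    # reviewed and allowlisted
        fi
        # PHP sitting under a JavaScript assets directory is rarely legitimate.
        case "$f" in
            */js/*) printf 'php-in-js-dir\t%s\n' "$f" ;;
        esac
        # Changed in the last 24h (same test as "find . -mtime 0" above).
        if [ -n "$(find "$f" -mtime 0 -print)" ]; then
            printf 'recent-mtime\t%s\n' "$f"
        fi
        hits=$(grep -oE "$INDICATORS" "$f" | sort -u | tr '\n' ',')
        if [ -n "$hits" ]; then
            printf 'indicator(%s)\t%s\n' "${hits%,}" "$f"
        fi
    done
}

# Builds a constructed docroot for the demo: one clean file, one webshell-like
# file, one PHP file hidden under js/, and one legitimate plugin file that
# uses base64_decode() and is allowlisted by hash.
make_demo_docroot() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content" "$d/wp-includes/js" "$d/plugin"
    printf '<?php echo "hello";\n' > "$d/index.php"
    printf '<?php eval(base64_decode("aGk="));\n' > "$d/wp-content/x.php"
    printf '<?php echo 1;\n' > "$d/wp-includes/js/hidden.php"
    printf '<?php $img = base64_decode($data);\n' > "$d/plugin/legit.php"
    sha256sum "$d/plugin/legit.php" | cut -d' ' -f1 > "$d/allowlist.txt"
    printf '%s\n' "$d"
}

# Usage: scan_suspicious_php /home/user/public_html /etc/php-allowlist.txt
```

Run it from cron and diff the report against the previous run; only new lines need a human look, and a reviewed hit goes into the allowlist by hash rather than by path so a re-uploaded shell at the same path is still reported.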
 
#3
Hello,

Thank you for the info. I'll try it out. I want to automate it and minimize the use of commands. Do you have any advice, sir? Like using antivirus or something else? I heard that Imunify360 will help a lot, but I don't really know about it yet. And by using commands, I'm afraid this will cause false positives since I want to automate it :)
 

valvps

Active member
#4
What system is it using, Linux?

Have you tried to install Linux Malware Detect (LMD)?

I also think that Pyxsoft is here in the forum.
 

mobin

Well-known member
#5
What do you mean by "the malware is still there"? You mean you found some bad files, cleaned them up, but they're re-appearing? If so, you should really look into the app running under those accounts, generally some CMS [like WordPress, Joomla, Drupal, etc.]. If you really cannot find the bad files under each account, then you need a better scanner. If you want a free solution, try MalDet with the Malware.Experts rule set; it can help you. Do not forget to schedule scans based on your demand.
 
#7
roboticpuppies
Hello,
Yes, I thought the malware was still there. But now I think that after I cleaned the malware, the attacker re-uploaded it via a website vulnerability again.
I think you're right; maybe the CMS or the plugins are outdated.
Thanks for the info about malware.expert though :)
 