Need advice to mitigate malware

R

roboticpuppies

New member
Registered
Joined
Apr 25, 2018
Messages
11
Points
3
Hello,

I need some advices to mitigate and remove malwares from my server. Mostly I found encoded scripts using base_64. But recently, it's really hard to find the files. I'm using cPanel and Clamav Plugin. I've updated the clamav signature, but still the malware is still there. I've tried to run scheduled scan, but it made the server load high. I read that adding some apache module like mod_clamav will help, but does anyone try that? Thank you.
 
VirtuBox

VirtuBox

Well-known member
Registered
Joined
May 3, 2016
Messages
1,622
Points
83
Hello,

here some usefull commands to find infected files :

Bash: 
# If the hack was recent, check lastly modified files
$ find . -mtime 0

# Some hacks are nice enough to include a comment for when a block starts/ends  (ex: //istart)
$ find . -type f -name "*.php" | xargs grep -H "istart"

# Normally files with hacks use base64 encoded data in an attempt to hide code
$ find . -type f -name "*.php" | xargs grep -H "base64_decode"

# Eval-ing of code is usually a sign of something naughty (allthough lots of plugins etc use this)
$ find . -type f -name "*.php" | xargs grep -H "eval("

# Sometimes php files are "hidden" inside the javascript assets folder
$ find wp-includes/js -type f -name "*.php"
 
R

roboticpuppies

New member
Registered
Joined
Apr 25, 2018
Messages
11
Points
3
Hello,

Thank you for the info. I'll try it out. I want to automate it, and minimizing using commands. Do you have any advice sir? Like using antivirus and other? I heard that Imunify360 will help a lot. But I have not really know about it yet. And by using commands, I'm afraid that this will cause false positive since I want to automate it :)
 
mobin

mobin

Well-known member
Registered
Joined
Jun 22, 2017
Messages
234
Points
28
What do you mean by malware is still there? You mean you found some bad files, cleaned them up but its re-appearing? if so, you should really look into the app running under those accounts. generally with some CMS [ like Wordpress, Joomla, Drupal, etc ] If you really cannot find the bad files under each accounts, then you need a better scanner. if you want some free solution, try MalDet with Malware.Experts rule set..it can help you. Do not forget to schedule scan based on your demand.
 
R

roboticpuppies

New member
Registered
Joined
Apr 25, 2018
Messages
11
Points
3
roboticpuppies
Hello,
Yes, I tought the malware is still there. But now I think after I cleaned the malware, the attacker can re-upload the malware via website vulnerability again.
I think you're right, maybe the CMS or the plugins are outdated.
Thanks for the info about malware.expert though :)
 
You must log in or register to reply here.
Older Threads
ahirehost
How To Find The Real IP Address Of A Website Behind CloudFlare
Replies
2
Views
2,042
AECHostingNet
D
Error 524 - a timeout occurred
Replies
2
Views
2,826
MooseLucifer
W
Which Cheap Dedicated Server should I get?
Replies
16
Views
5,910
Daniel204
Dopani
Is Regular Expression enabled on Phpmyadmin?
Replies
0
Views
1,514
Dopani
Dr. McKay
Knownhost vs Liquidweb: Which managed VPS provider is better?
Replies
1
Views
1,772
valvps
Newer Threads
seth_smlwd
How Do I Increase The Visibility Of My Instagram Posts With Consistent Planning?
Replies
1
Views
1,433
superman2727
Chris Worner
VestaCP has a serious security flaw that causes your server to be exploited for DDoS
Replies
0
Views
1,461
Chris Worner
manoaratefy
Review for a review website
Replies
1
Views
1,534
Cheerag Nundlall
Cheerag Nundlall
How can I check if SSH is enabled?
Replies
10
Views
6,921
tuxandrew
Cheerag Nundlall
How to view directories and files on Linux with tree structure?
Replies
4
Views
4,110
24x7serverman
Latest Threads
cancan
Save an incredible 90% off! The Best HostPapa Deal so Far: Unlimited SSL, 50 GB NVMe, 24/7 support
Replies
0
Views
27
cancan
M
How to Choose the Best Web Hosting Provider for a New Website ??
Replies
0
Views
28
marcellosallas
J
Jtti: What are some common misconceptions about firewall rules?
Replies
0
Views
123
jtti
Mvv758
Hello
Replies
1
Views
79
AlbaHost
D
Help Needed with Setting Up Cloudflare R2 for Object Storage
Replies
0
Views
99
dilshanking
Recommended Threads
Kaz Wolfe
How can I check email server is working or not via SSH?
Replies
2
Views
1,771
David Beroff
superman2727
CPU/GPU Mining Bitcoin
Replies
6
Views
3,488
superman2727
steitieh
$30 Budget Monthly for Internet Marketing
Replies
4
Views
2,922
judy36x
David Beroff
What are web design trends for 2017?
Replies
7
Views
3,700
m33kuh
SenseiSteve
Enterprise Class Dedicated Servers 10% OFF with Coupon Promo | ProlimeHost | From $119
Replies
0
Views
1,961
SenseiSteve
Similar Threads
B
Custom VPN on a VPS side business project - need advice!
Replies
3
Views
1,921
radwebhosting
Medhahosting
Hello Guys need your advice on choosing SEMalt?
Replies
2
Views
1,980
KelvinSmith
jadoinc
new project need advice
2
Replies
20
Views
8,241
Hosting13
jadoinc
looking to start hosting and services business need advice
2
Replies
23
Views
8,431
Gecko
SeekingAdvice
Need advice on my project about about evaluating traffic, choosing a hoster and more
Replies
6
Views
3,532
TheCompWiz

Latest postsNew threads

Latest Hosting OffersNew Reviews

Popular Contributors - Past 30 Days

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
  • cpanel
  • dedicated
  • free
  • hello
  • hosting
  • hosting services
  • marketing
  • offers
  • seo
  • server
  • services
  • vps
  • web
  • web hosting
  • website
  • wordpress
    • Top