
How to find malicious code on website




We can use shell commands, the Maldet tool, and ClamAV to find malicious code in your website content.

Here is a little piece of code that I run. It searches within cgi and php files for certain strings, and then places the file name within another file so that you can go through them:

find /home/ \( -name "*.cgi" -o -name "*.php" \) -print0 | xargs -0 grep -El 'c99shell|r57shell|WebShell|phpshell|shell|c100|base64' >> /root/report
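The search above only lists file names, and strings such as "shell" and "base64" also appear in legitimate code. The following added example (not part of the original article) reports, for each file, how many lines matched and which of the article's strings were found, so the busiest files can be reviewed first. The function names scan_webroot and make_sample and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage report for the article's signature search.
# Read-only; prints "matching-lines<TAB>strings-found<TAB>path", busiest first.

# Same strings the article greps for.
SIGS='c99shell|r57shell|WebShell|phpshell|shell|c100|base64'

scan_webroot() {
    # $1 = directory to scan. -exec ... {} + passes names safely (spaces, newlines).
    find "$1" -type f \( -name '*.cgi' -o -name '*.php' \) -exec sh -c '
        sigs=$1; shift
        for f in "$@"; do
            # grep -c exits non-zero when nothing matched: skip clean files
            hits=$(grep -aEc "$sigs" "$f") || continue
            # -o prints only the matched strings; collapse to a unique list
            found=$(grep -aEo "$sigs" "$f" | sort -u | paste -sd, -)
            printf "%s\t%s\t%s\n" "$hits" "$found" "$f"
        done' sh "$SIGS" {} + | sort -rn
}

make_sample() {
    # Constructed, inert sample files for demonstration (assumption, not real malware).
    printf '<?php echo "hello"; ?>\n' > "$1/index.php"
    printf '<?php $b = base64_encode($img); ?>\n' > "$1/thumb.php"
    printf '<?php /* constructed marker: c99shell */\n$x = "base64"; ?>\n' > "$1/up load.php"
    printf 'c99shell mentioned in a text file\n' > "$1/notes.txt"
}

# With a directory argument, scan it; with none, show the report on the sample.
if [ -n "${1:-}" ]; then
    scan_webroot "$1"
else
    demo=$(mktemp -d) && make_sample "$demo" && scan_webroot "$demo"
    rm -rf "$demo"
fi
```

A file that matches only "base64" or "shell" (like thumb.php in the sample) is usually a false positive; files matching several strings deserve a manual look first.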

netstat -anp : Look for programs attached to ports that you did not install or authorize.

find / \( -perm -o+w \) ! -type l >> world_writable.txt : Look at world_writable.txt to see all world-writable files and directories. This will reveal locations where an attacker can store files on your system. NOTE: Fixing permissions on some PHP/CGI scripts that are not properly coded will break them.

find / -nouser -o -nogroup >> no_owner.txt : Look at no_owner.txt for all files that do not have a user or group associated with them. All files should be owned by a specific user or group to restrict access to them.

Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. Please use the following link to download and install Maldet.

http://www.rfxn.com/projects/linux-malware-detect/

Download and install Linux Malware Detect:

wget http://www.rfxn.com/downloads/maldetect-current.tar.gz 
tar -zxvf maldetect-current.tar.gz 
cd maldetect-1.4.2/

./install.sh

Once the installation has completed, scan your files:

maldet -a /home/?/public_html

This will scan the files of all your accounts. It is best run inside a screen session.

To scan one particular folder, use this option.

maldet -a /home/testuser

ClamAV

Simply log into WHM, go to the cPanel section and click “Plugins.” Check the box next to “clamavconnector” and click save at the bottom of the page. This will install ClamAV.

Update antivirus database:

freshclam

Scan a directory and print out infected files:

clamscan -ri /home

Scan a directory and remove infected files and emails:

clamscan -ri --remove /home
