Top

How detect malware

When you scan server files with Clamdscan or Maldet your scanner give postitive result and Extra ClamAV signatures to better ratio detect malware. We using clamdscan scanner to scan files. Example user www files: Now we open content-none.php file to look better: The first looks, there is no anything, but if you look better first […]

Continue Reading

Install Maldet cPanel Server

Login to cPanel server via SSH as the root user. Execute the below commands: Output install.sh script Remove unused gzipped tar file You can run a Linux Malware Detect scan now, it would run with no problem. However, it would not include ClamAV’s definitions, if you not before installed ClamAV scanner. Maldet without installed ClamAV […]

Continue Reading

Magento Webforms Upload Vulnerability

In ModSecurity auditlog we found magento webforms upload vulnerability. Looking better POST payload, found this image.phtml script, which first uploaded to customer website. If index.php / image.phtml file success uploaded, it can access from www and executed! image.phtml   First it send email to fileputcontent@gmail.com notify details like Hostname, URL, IP:   Then it try […]

Continue Reading

Install ClamAV cPanel Servers

Installing ClamAV cPanel server via WHM grahpical Login to WHM (Control Panel) as the root user Navigate to: Home » cPanel » Manage Plugins Select ClamAV tick the Install and keep updated box Click on Save Installing ClamAV via Command Line (SSH) This command tells the system that we want ClamAV to be listed as […]

Continue Reading

Securing cpanel server

php.ini Securing cpanel php.ini in controlpanel or manually. Login cpanel control panel and goto: Home » Software » MultiPHP INI Editor Find disable_functions: Change “disabled_functions =” to: Or manually change files below: Install ClamAV Scanner To install or uninstall ClamAV Scanner, use WHM’s Manage Plugins interface (Home » cPanel » Manage Plugins). Offical Ducumentation Install […]

Continue Reading

How To Set Up a Firewall Using Iptables

Setting up a good firewall is an essential step to take in securing any modern operating system. Most Linux distributions ship with a few different firewall tools that we can use to configure our firewalls. In this guide, we’ll be covering the iptables firewall. A good starting point is check the current rules that are […]

Continue Reading

PHP_SESSION_PHP

We found old cookie (PHP_SESSION_PHP) based hidden redirect in joomla. These two modified files found when we search files: Normal part of these files look like this: But then malware begin (SECOND PART), so rest of file: Also different urls found: Decoded these: Here list that website’s set PHP_SESSION_PHP cookie: https://webcookies.org/cookie/http/PHP_SESSION_PHP/41265 You can manually clean […]

Continue Reading

Bash Vulnerability

Bash Vulnerability is a family of security bugs in the widely used Unix Bash shell. Many Internet-facing services, such as some web server deployments, use Bash to process certain requests, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer […]

Continue Reading

PHP Cookie Injection

We found lot off new activies again somekind bot network: If we look this line number 19: wp-load.php from auditlog and found there cookie ID & CODE payload (php eval): Our commerical ModSecurity rules detect these and block them!

Continue Reading

FilesMan

PHP backdoors are server-side malicious scripts. The typical example of such backdoors are various File Managers, Web Shells, Command Shells, tools for bypassing admin login or various one-purpose scripts allowing the attacker to upload and run another type of malicious scripts. The payload is PHP based, thus intended for server-side use and the payload is […]

Continue Reading