Top

Tag Archives | clamav

WordPress hidden cookie (wp_cookie)

We found very old and hidden WordPress cookie, which named wp_cookie. This allows an attacker to run anything on the compromised user website with user permissions. wp_cookie This is a very clever attack method that allows arbitrary commands to run on a server with ignoring any server security software, just like normal PHP code. Also, […]

Continue Reading

CowoKerensTeam File Manager

The malware is a PHP File Manager – a script, which when installed on a compromised system, presents a sophisticated administration platform allowing the attacker to browse the filesystem of the compromised server, upload, create, edit, download or delete files. CowoKerensTeam File Manager Today we found new PHP webshell, what we have not seen before […]

Continue Reading

Sanesecurity start distribute Malware.Expert malware signatures

Today we are very happy new distribution channel. Sanesecurity started sharing our Malware signatures via their distribution channels worldwide to new servers. Sanesecurity signatures Sanesecurity produces add-ons signatures to help improve the ClamAV detection rate on Zero-Day malware and even on Zero-Hour malware. Also add-on signatures provide enhanced email security against the following email types: […]

Continue Reading

sql_dump.php – Bot network

Today we looked server’s logs and we found very active Bot network that trying use old malware and upload more PHP code files to servers. Malware files If we look access logs, we found many files which tried access, but they not are normal WordPress, Joomla etc. files. /Abbrevsprl.php /administrator/administrator.php /administrator/dbconfig.php /administrator/includes/readmy.php /administrator/webconfig.txt.php /al277.php /authenticating.php […]

Continue Reading

Silence is golden

Normally Silence is golden is all inside the index file. Just an empty file with no code and a single line comment saying “Silence is golden”. But wait, there exists nothing for no reason, there has got to be some reason for this file being empty ? The answer is security. If this index file […]

Continue Reading

scan malware cpanel server

Learn how to scan and protect your cPanel server for Malware and Viruses. To protect your server from viruses and malware, or if you believe there are scripts on your server already we recommend doing the following. Requirements: – Maldet (Linux Malware Detect) – Clamav (Clam AntiVirus) Install ClamAv How To install Clamav Install Maldet […]

Continue Reading

Remove Website Malware

Shared web hosting companies usually installed server clamav virus scanner. This is very helpful to scan PHP files with malware. Also, you need ssh access to the server and use extra signatures to get better detect ratio php malware. We generated bash script for that, so no need manually download everything. This script working cPanel/DirectAdmin […]

Continue Reading

Install Maldet Directadmin Server

Login to DirectAdmin server via SSH as the root user or sudo to get root access. Execute the below commands: Output install.sh script Remove unused gzipped tar file You can run a Linux Malware Detect scan now, it would run with no problem. However, it would not include ClamAV’s definitions, if you not before installed […]

Continue Reading

Securing Directadmin Server

ssh If possible, don’t allow user login ssh to the server. Also disable root user login and use sudo to gain root access. Change: Restart ssh server! Note: Make sure you installed sudo and sudoers to your user! Filesystem You can prevent and hide access certain folders and files. php.ini There are certain functions in […]

Continue Reading

Install ModSecurity to Directadmin with Custombuild 2.x

Prerequisite If you dont have custombuild or version is 1.x, you need first upgrade to custombuild 2.x. Upgrade instruction https://help.directadmin.com/item.php?id=555 Update Custombuild Update custombuild: Configuration Edit options.conf file and change these lines to below: Build ClamAV scanner Optional can use Malware Expert ClamAV Signatures and Linux Malware Detect Build ModSecurity Mod_Security Rules In options.conf possible […]

Continue Reading