A web shell or backdoor shell is a script written in the supported language of a target web server to be uploaded to enable remote access and administration of the machine. Shells are able to infect servers that may not necessarily be internet-facing, servers for hosting of internal resources are also subject to web shell … Read more
We found very old and hidden WordPress cookie, which named wp_cookie. This allows an attacker to run anything on the compromised user website with user permissions. wp_cookie This is a very clever attack method that allows arbitrary commands to run on a server with ignoring any server security software, just like normal PHP code. Also, … Read more
The malware is a PHP File Manager – a script, which when installed on a compromised system, presents a sophisticated administration platform allowing the attacker to browse the filesystem of the compromised server, upload, create, edit, download or delete files. CowoKerensTeam File Manager Today we found new PHP webshell, what we have not seen before … Read more
Today we are very happy new distribution channel. Sanesecurity started sharing our Malware signatures via their distribution channels worldwide to new servers. Sanesecurity signatures Sanesecurity produces add-ons signatures to help improve the ClamAV detection rate on Zero-Day malware and even on Zero-Hour malware. Also add-on signatures provide enhanced email security against the following email types: … Read more
Today we looked server’s logs and we found very active Bot network that trying use old malware and upload more PHP code files to servers. Malware files If we look access logs, we found many files which tried access, but they not are normal WordPress, Joomla etc. files. /Abbrevsprl.php /administrator/administrator.php /administrator/dbconfig.php /administrator/includes/readmy.php /administrator/webconfig.txt.php /al277.php /authenticating.php … Read more
Normally Silence is golden is all inside the index file. Just an empty file with no code and a single line comment saying “Silence is golden”. But wait, there exists nothing for no reason, there has got to be some reason for this file being empty ? The answer is security. If this index file … Read more
Learn how to scan and protect your cPanel server for Malware and Viruses. To protect your server from viruses and malware, or if you believe there are scripts on your server already we recommend doing the following. Requirements: – Maldet (Linux Malware Detect) – Clamav (Clam AntiVirus) Install ClamAv How To install Clamav Install Maldet … Read more
Shared web hosting companies usually install a malware scanner on their servers (ClamAV virus scanner). This is very helpful to scan PHP files with malware. Also, you need SSH access to the server and use extra signatures to get a better detection ratio of PHP malware. We generated a bash script for that, so there … Read more
Login to DirectAdmin server via SSH as the root user or sudo to get root access. Execute the below commands: Output install.sh script Remove unused gzipped tar file You can run a Linux Malware Detect scan now, it would run with no problem. However, it would not include ClamAV’s definitions, if you not before installed … Read more
ssh If possible, don’t allow user login ssh to the server. Also disable root user login and use sudo to gain root access. Change: Restart ssh server! Note: Make sure you installed sudo and sudoers to your user! Filesystem You can prevent and hide access certain folders and files. php.ini There are certain functions in … Read more