clamav Archives

Install ModSecurity to Directadmin with Custombuild 2.x

December 9, 2017September 25, 2016 by admin

Prerequisite If you dont have custombuild or version is 1.x, you need first upgrade to custombuild 2.x. Upgrade instruction https://help.directadmin.com/item.php?id=555 Update Custombuild Update custombuild: Configuration Edit options.conf file and change these lines to below: Build ClamAV scanner Optional can use Malware Expert ClamAV Signatures and Linux Malware Detect Build ModSecurity Mod_Security Rules In options.conf possible … Read more

How detect malware

August 22, 2017September 17, 2016 by admin

When you scan server files with Clamdscan or Maldet your scanner give postitive result and Extra ClamAV signatures to better ratio detect malware. We using clamdscan scanner to scan files. Example user www files: Now we open content-none.php file to look better: The first looks, there is no anything, but if you look better first … Read more

Install Maldet cPanel Server

January 14, 2017September 11, 2016 by admin

Login to cPanel server via SSH as the root user. Execute the below commands: Output install.sh script Remove unused gzipped tar file You can run a Linux Malware Detect scan now, it would run with no problem. However, it would not include ClamAV’s definitions, if you not before installed ClamAV scanner. Maldet without installed ClamAV … Read more

Install ClamAV cPanel Servers

March 21, 2018August 29, 2016 by admin

Installing ClamAV cPanel server via WHM grahpical Login to WHM (Control Panel) as the root user Navigate to: Home » cPanel » Manage Plugins Select ClamAV tick the Install and keep updated box Click on Save Installing ClamAV via Command Line (SSH) This command tells the system that we want ClamAV to be listed as … Read more

Securing cpanel server

June 30, 2019August 24, 2016 by admin

php.ini Securing cpanel php.ini in controlpanel or manually. Login cpanel control panel and goto: Home » Software » MultiPHP INI Editor Find disable_functions: Change “disabled_functions =” to: Or manually change files below: Install ClamAV Scanner To install or uninstall ClamAV Scanner, use WHM’s Manage Plugins interface (Home » cPanel » Manage Plugins). Offical Ducumentation Install … Read more

PHP_SESSION_PHP

January 14, 2017August 18, 2016 by admin

We found old cookie (PHP_SESSION_PHP) based hidden redirect in joomla. These two modified files found when we search files: Normal part of these files look like this: But then malware begin (SECOND PART), so rest of file: Also different urls found: Decoded these: Here list that website’s set PHP_SESSION_PHP cookie: https://webcookies.org/cookie/http/PHP_SESSION_PHP/41265 You can manually clean … Read more