Install Maldet DirectAdmin Server

Log in to the DirectAdmin server via SSH as the root user, or use sudo to get root access. Execute the below commands: Output install.sh script Remove unused gzipped tar file You can run a Linux Malware Detect scan now; it will run with no problem. However, it will not include ClamAV’s definitions if you have not previously installed … Read more

How to detect malware

When you scan server files with clamdscan or Maldet, your scanner gives a positive result, and extra ClamAV signatures improve the malware detection ratio. We use the clamdscan scanner to scan files. Example user www files: Now we open the content-none.php file for a closer look: At first glance there is nothing there, but if you look more closely first … Read more

Install Maldet cPanel Server

Log in to the cPanel server via SSH as the root user. Execute the below commands: Output install.sh script Remove unused gzipped tar file You can run a Linux Malware Detect scan now; it will run with no problem. However, it will not include ClamAV’s definitions if you have not previously installed the ClamAV scanner. Maldet without installed ClamAV … Read more

Magento Webforms Upload Vulnerability

In the ModSecurity audit log we found a Magento Webforms upload vulnerability. Looking more closely at the POST payload, we found this image.phtml script, which is first uploaded to the customer website. If the index.php / image.phtml file is successfully uploaded, it can be accessed from www and executed! image.phtml First it sends an email to fileputcontent@gmail.com to notify details like hostname, URL, IP: Then it tries … Read more

Install ClamAV cPanel Servers

Installing ClamAV cPanel server via WHM graphical interface: Log in to WHM (Control Panel) as the root user. Navigate to: Home » cPanel » Manage Plugins. Select ClamAV, tick the Install and keep updated box. Click on Save. Installing ClamAV via Command Line (SSH): This command tells the system that we want ClamAV to be listed as … Read more

Securing cPanel server

php.ini: Securing the cPanel php.ini in the control panel or manually. Log in to the cPanel control panel and go to: Home » Software » MultiPHP INI Editor Find disable_functions: Change “disable_functions =” to: Or manually change the files below: Install ClamAV Scanner To install or uninstall ClamAV Scanner, use WHM’s Manage Plugins interface (Home » cPanel » Manage Plugins). Official Documentation Install … Read more

PHP_SESSION_PHP

We found an old cookie-based (PHP_SESSION_PHP) hidden redirect in Joomla. These two modified files were found when we searched the files: The normal part of these files looks like this: But then the malware begins (SECOND PART), so the rest of the file: Also different URLs were found: Decoded these: Here is a list of websites that set the PHP_SESSION_PHP cookie: https://webcookies.org/cookie/http/PHP_SESSION_PHP/41265 You can manually clean … Read more