Viruses
- Thread starter oodaddy23
- Start date
AndyII
Verified User
- Joined
- Oct 3, 2006
- Messages
- 571
This may have nothing to do with your server/site, I have seen this many times when the PC is infected, not the website.
do you have a server? or just a website hosted with someone?
you can use an ftp client to see if or any new files are present and owned by someone other than the user, if so, a tell tale sign is a weird file name or a numbered file. Apache will write a legit file under some circumstances, but also a hacker will use Apache to write malicious files as well.
I have never seen DA server hacked, but have seen many sites hacked, its always an open folder/file that is accessible, scripts like WordPress and forums are great targets, an occasional e-commerce site too, as soon as someone finds an exploit, the hacker go on a field trip.
I LIKE DA because unlike cPanel, its very difficult to take the server at root level, and the DA team stays way on top of security issues and are very friendly and helpful, unlike some of those other control panel people
Sorry if I seem a little biased !!!
do you have a server? or just a website hosted with someone?
you can use an ftp client to see if or any new files are present and owned by someone other than the user, if so, a tell tale sign is a weird file name or a numbered file. Apache will write a legit file under some circumstances, but also a hacker will use Apache to write malicious files as well.
I have never seen DA server hacked, but have seen many sites hacked, its always an open folder/file that is accessible, scripts like WordPress and forums are great targets, an occasional e-commerce site too, as soon as someone finds an exploit, the hacker go on a field trip.
I LIKE DA because unlike cPanel, its very difficult to take the server at root level, and the DA team stays way on top of security issues and are very friendly and helpful, unlike some of those other control panel people
Sorry if I seem a little biased !!!
My PC isn't infected. I own a traffic exchange website and one of my members were surfing and said when the site ebooks4less.biz came up (which I also own) her anti virus software detected a virus. I checked it out and when I brought the site up my virus software also detected a virus. This isn't good because if a member gets a virus while surfing on my traffic exchange they more than likely will quit their membership. It's weird because now my Norton Anti Virus isn't detecting any virus when I go to the site.
I dont have a server the site is hosted with someone else.
Is there anyway I can check to see if the site is infected? I thought I would be able to right click on the site and check it with Norton but that option was not there.
I dont have a server the site is hosted with someone else.
Is there anyway I can check to see if the site is infected? I thought I would be able to right click on the site and check it with Norton but that option was not there.
AndyII
Verified User
- Joined
- Oct 3, 2006
- Messages
- 571
Is this more for mail?
went looking for a AV for Linux, something to search and find those hacker files and just delete them, like a spyware nuker or something.
not lazy, but is time consuming to manually search all user files
went looking for a AV for Linux, something to search and find those hacker files and just delete them, like a spyware nuker or something.
not lazy, but is time consuming to manually search all user files
floyd
Verified User
- Joined
- Mar 29, 2005
- Messages
- 6,248
clamav will search for all infected files whether they are an email attachment or just sitting there on the server.
I didn't realize running this from a daily cronjob was that hard
And don't forget to start
I didn't realize running this from a daily cronjob was that hard
And don't forget to start
Code:
/usr/local/bin/freshclam -d -c 24
Last edited:
floyd
Verified User
- Joined
- Mar 29, 2005
- Messages
- 6,248
No How-To needed.
RedHat based:
RedHat based:
Code:
echo "[dag]" > /etc/yum.repos.d/dag.repo
echo "name=Dag RPM Repository for Red Hat Enterprise Linux" >> /etc/yum.repos.d/dag.repo
echo "baseurl=http://apt.sw.be/redhat/el\$releasever/en/\$basearch/dag" >> /etc/yum.repos.d/dag.repo
echo "gpgcheck=0" >> /etc/yum.repos.d/dag.repo
echo "enabled=1" >> /etc/yum.repos.d/dag.repo
yum -y install clamavAndyII
Verified User
- Joined
- Oct 3, 2006
- Messages
- 571
That's it
was just paging thru the how to on clamav and my eyes were spinning lol,
no more perl lines and others?
I run centos 4.x, Compiled on Redhat Enterprise 4.0
was just paging thru the how to on clamav and my eyes were spinning lol,
no more perl lines and others?
I run centos 4.x, Compiled on Redhat Enterprise 4.0
Last edited:
floyd
Verified User
- Joined
- Mar 29, 2005
- Messages
- 6,248
Its just writing information to a file. The above sets up the DAG repository so that yum can install clamav.
This simply writes the work "test" to the file.txt file. These are basic linux commands. You should really know some of these before trying to run a server.
Code:
echo "test" > /path/to/file.txtThis simply writes the work "test" to the file.txt file. These are basic linux commands. You should really know some of these before trying to run a server.
AndyII
Verified User
- Joined
- Oct 3, 2006
- Messages
- 571
So Sorry to bother you, really....
about 2004 I had a partner that was a server administrator, and knew Linux, but he is gone now passed on... and I was left to do myself, I have learned alot but it seems you can never get ahead of things, I am more the webmaster and setup accounts, install sites and also design.
I will try to see if I can learn more and bother people less
about 2004 I had a partner that was a server administrator, and knew Linux, but he is gone now
passed on... and I was left to do myself, I have learned alot but it seems you can never get ahead of things, I am more the webmaster and setup accounts, install sites and also design.I will try to see if I can learn more and bother people less
nobaloney
NoBaloney Internet Svcs - In Memoriam †
There are threads on these forums which discuss this. Also, the latest SpamBlocker 3 Release Candidate has code already in place; if you're already running it you just have to read the file and uncomment a few lines, and restart exim.
Jeff