Website Malware Scanning

Apr 8, 2009

A website I've recently been entrusted with was cracked into via brute force ftp earlier this week. Apparently the bad guys ran a script that added iframe links to every page named index.html. The iframe linked to 3 sites that prompted malware downloads.

I think I've found and removed all the affected code, however I'm looking for an online website scanner that will drill down through all the links on a given site and search the code for similar problems.

I've only found a couple of these so far and they don't seem to fit the bill; was wondering if anyone here had recommendations or experience with similar tools...


Trace Malware

Jul 31, 2006

How would I trace a malware file uploaded to a particular account? ....

Malware And Etc

May 16, 2009

In my server more than 5 sites got malware and trojan, when I keep deleting it, it keeps coming back, any idea how to solve this?

Malware Installation

Apr 23, 2008

Can this be interpreted as malware (proceed through the following steps with caution)?

After visiting without me clicking on anything and confirming that I want to install a game, a new folder is created in my Windows Start Menu and in a Documents and Settings folder.

Although I believe no harm is actually done with this installation, can an attacker use this method to install malware? How can I prevent this, what options should I change in my Firefox browser?

Malware Attacks On Servers

Oct 31, 2009

Recently, I hosted my domain with two different servers, but both of them were attacked by malware and viruses. Google also started showing a warning like "This site may harm your computer".

Now I can't open my site in Firefox (it gives a security warning)... when I open it in Explorer, my index page is totally changed.

Is there a solution for that? Which Linux server will be best to protect my site from malware attacks?

Domain Flagged For Malware; How To Correct Blacklist

Apr 29, 2009

A WordPress install on one of my domains was compromised a few months ago, and there was a 4-hour window in which the site contained an iframe injection that led to a malware site.

The problem was corrected, and Google stopped flagging the site as malicious within a few hours after the fix. However, every once in a while I still hear of people having problems accessing the site, all of them I think from within large corporate networks.

Are there a few common list providers that these corporate networks are likely to be subscribing to? Is there a way I can submit the domain for reevaluation? If not, how long would you think a domain would have to be clean in order to repair its reputation on these lists?

All HTTP Requests To My Server Gets Redirected To Malware Websites

Jul 24, 2009

When I try to open any website hosted on my server (around 50 of them) I am being taken to following malware website;

This is a problem with my Linux server running Apache and not a virus on my local computer, as customers from all over are reporting the same issue.

As soon as I restart Apache everything returns to normal with no such redirects.

I think my server is being attacked, causing HTTP requests to get redirected to some malicious website.

This issue would resurface almost every hour and would not go away till I restart Apache.

So far my datacenter techs have not been able to identify the cause of this.

Clamav Died :: Malware Acl Condition: Clamd: Connection To, Port ...

Aug 21, 2006

malware acl condition: clamd: connection to, port 3310 failed (Bad file descriptor)
This is a normal Cpanel FC3 exim/clamav server.

Has anyone come across this annoying yet little error?

Port Scanning

Apr 18, 2009

I have been receiving a lot of emails from LFD about this ip ( port scanning.

I get about 3+ of these emails a day letting me know that LFD has blocked the IP temporarily.

I am now wondering should I be worried about this IP port scanning?

The IP is from the Netherlands where my server is hosted and was wondering if it's a coincidence or not?

Somebody Is Scanning My Site For PhpMyAdmin

Jul 9, 2009

I found several requests in my error log which look like someone was scanning my site for phpMyAdmin. This was a newly created subdomain. So I checked my main site and another subdomain and they also contained similar entries. Should I do something?

[Fri Jul 03 03:23:16 2009] [error] [client] File does not exist: /var/www/vhosts/
[Fri Jul 03 03:23:16 2009] [error] [client] File does not exist: /var/www/vhosts/
[Fri Jul 03 03:23:16 2009] [error] [client] File does not exist: /var/www/vhosts/ ...

PCI Scanning On A Shared Server (UK)

Aug 23, 2009

Does anyone have experience of PCI DSS scanning on a shared server? Our current hosting company have told us that it's unlikely to pass on a shared server, and that we should move to a Virtual Managed Server for them to make the necessary changes to pass a PCI scan.

In particular, we're talking PCI compliance to use PayPal website payments pro UK.

From Googling there seems to be a lot of debate on this issue - varying from 'all you need for PCI compliance is an SSL certificate' (this seems to be PayPal's attitude), to 'PCI scans can be passed on a shared server if your host is willing to help' to 'you need separate dedicated servers for the database and site etc'.

Does anyone use website payments pro UK, have a shared server, and regularly pass quarterly PCI scans? Also, we would much prefer a host based in the UK - we seem to get much better performance from our UK host than we did when the site was hosted in the US (our customers are almost completely UK based).

IANA Scanning Ports

Dec 3, 2007

My internet security software blocked port scanning from IANA (Internet Assigned Numbers Authority). Who is this and what are they doing scanning the ports on my computer?

Avoiding Port Scanning And Brute Force

Oct 28, 2009

I get a lot of messages from CSF about Port Scanning and Bruteforce detection.. Is there a way to avoid all of these attacks ? Because it tries to figure out my clients ftp or pop3 user with several usernames, i.e. administrator, postgres, mysql, httpd, and many more..

I know a little about internet security.. Is it possible to make my public IP of shared hosting untraceable ? Like this one..

Just do a ping to or and then you will receive RTO message or Destination host unreachable, but actually the site is running well..

Scanning A Site Against Intrusions And Security Holes?

Apr 21, 2008

What do you recommend for scanning a site against intrusions and security holes?

Modsecurity Clamav Upload Scanning Doesn't Work

Jul 12, 2007

So I've been working on getting the modsecurity upload scan function to work for over 4 hours now and I'm done with this junk to say the least.

Using modsec 1.9
Cpanel 10x
Apache 1.3

in the modsec.conf

SecUploadDir /tmp
SecUploadApproveScript /usr/local/apache/htdocs/

All I get in the audit_log is:

Access denied with code 406. Error verifying files: Received no output from the approver script (execution failed?) "/usr/local/apache/htdocs/" ....

Disable File Attachment Scanning & Extracting At MailScanner

Mar 9, 2007

My main goal was stopping incoming spam.. and MailScanner is doing a great work on that.. but, it is taking too much time extracting and scanning attachments... does anyone know how to disable scanning the attachments?

This is my top output from MailScanner running:

12:10 3 MailScanner: extracting attachments

FreeBSD: Sendmail To Exchange. No Scanning E-mail Process

Aug 16, 2007

I tried to configure Sendmail as e-mail MTA with ClamAV & SpamAssassin before my local network. I can send and receive e-mail but spamassassin doesn't filter them. Do you know where I should look for?

Unable To Open Spam.scanning.rules - MailScanner

Mar 5, 2007

I was trying to install mailscanner on a cpanel box using chirpy's script [url], followed every step, until this:

[]perl -i
Unable to open spam.scanning.rules for reading: file or directory doesnt exist at line 115.
On line 115 I found this:

open (IN, "</usr/mailscanner/etc/rules/spam.scanning.rules") or die "Unable to open spam.scanning.rules for reading: $!";
The file /usr/mailscanner/etc/rules/spam.scanning.rules just doesn't exist... maybe chirpy's script is not working well installing everything it's needed..

Plesk 11.x / Linux :: Cannot Create Pipe For Communication With Scanning Child

Dec 10, 2014

I'm running CentOS with Parallels Plesk bundled Parallels Premium Antivirus (Dr Web). After the latest yum updates DrWeb continuously seems to crash and be restarted by the Parallels watchdog. By default there were no logs for DrWeb, but when I enable logging to a file it gets spammed continuously with the following error:

Cannot create pipe for communication with scanning childs (Too many open files)

and the Drweb process runs at 99% CPU for long periods. This totally fills the disk with logs and I've now disabled logging again and Drweb is back to continuously being restarted by the watchdog.

"JS:Bulered" Obfuscated Malware Code

Jul 23, 2009

Avast started giving out warnings when people viewed my site saying a trojan horse was detected called "JS:Bulered".

I looked through the page and noticed a chunk of code added at the end of the page:

[code ...]

I cleared it then noticed it was also added to random files on my Invision Power Board forum and Coppermine gallery so I cleared it from there as well (just replaced the files from a backup I had).

I'm currently on a dedicated server with SoftLayer and I have a few other sites and when checking them I noticed the code was added to pages on those sites as well!

Right now I'm just concentrating on my main site. I've cleared all the code, changed the password, ftp password, root password for the server. But after several hours the code was added again.

I read somewhere that it could be an infection on my computer that is using the ftp connection I make to inject the code to my site so I've changed the ftp password again and I've stopped using ftp. It's been a couple of hours and the code hasn't been added back yet but there's a good chance it'll be back soon.

How To Point To (or Vice Versa)

May 3, 2008

If I type in my address bar, it forwards me to This is not happening for my website right now. I think it's a good idea to do this, since then search engines will have only 1 main URL for the website to index.

My question is:

How do I implement this? I think this may involve mucking with CNAME settings...

How To Redirect.. ->

May 15, 2009

I want my users to be redirected directly to my forum

so when they type in it will redirect instantly to

I know this can be done on Cpanel... any other ways?

How To Set Up A Website Using A VPS

Nov 2, 2009

I'm tired with shared hosting so I bought one VPS but I haven't any knowledge how to run site through VPS and how to change nameserver blah blah

I have Window VPS

Can anyone help me step by step for setting up site through Window VPS?

FTP To Website

Apr 30, 2008

I use Ian Lloyd's book and that's where I found out about this forum. Looks like a great forum.

I downloaded Filezilla FTP and I'm trying to transfer files from my computer onto an angelfire web site.

Filezilla asks for a server address and I put in the URL address that I registered with angelfire. It then asks me for an administration password, and I put in my password to the angelfire site. I keep getting: Error: Connection to server lost...

Does anyone know what I'm doing wrong here? I would like to use Filezilla to upload my files (web pages) to the angelfire site.

Website Down

Jan 16, 2007

I hosted website and sometime it is going down. Same server some of my websites working fine. Please just know why going down my website sometimes..

Website Down And Nothing I Can Do

Oct 23, 2008

I have a website which is currently hosted with on their shared msql 11 server.

We have had several issues with them over the last few weeks where someone is using most of the server and slowing everyone else's sites down so much so they crash.
This week and weekend are my busiest time of the year (I sell fancy dress) and my site is totally unusable.

We have phoned them and they have done nothing except ask us for a log which we have provided for short periods of time.

The down time has now got so bad that I have had only 2 sales today. I estimate I am losing approx 400 per day at the moment due to this problem.

Is there anything that I can do urgently to prevent my business from being killed by someone else?

Website Hacked

Jul 27, 2007

So I'm interviewing with a company and when I typed in the URL to their website, I was met with a nasty surprise: a "hacked by so and so" message! However, after looking closer, I see that I had accidentally appended a period (".") to the end of the domain name, for example:

When I removed the period, the site appeared as normal. I don't know anything about the server other than it's IIS. Is there anything I can suggest to them when I go in to interview? I'd like to point this out to them; it may even help my chances at landing the job! (It's not related to networking, though.)
