Website Malware Scanning
Apr 8, 2009
A website I've recently been entrusted with was cracked into via brute force ftp earlier this week. Apparently the bad guys ran a script that added iframe links to every page named index.html. The iframe linked to 3 sites that prompted malware downloads.
I think I've found and removed all the affected code, however I'm looking for an online website scanner that will drill down through all the links on a given site and search the code for similar problems.
I've only found a couple of these so far and they don't seem to fit the bill; was wondering if anyone here had recommendations or experience with similar tools...
Jul 31, 2006
How would I trace a malware file uploaded to a particular account? ....
May 16, 2009
On my server, more than 5 sites got malware and the gumblar.cn trojan. When I keep deleting it, it keeps coming back. Any idea how to solve this?
Apr 23, 2008
Can this be interpreted as malware? (Proceed with the following steps with caution.)
After visiting miniclip.com/games/super-gerball/en/, without me clicking on anything or confirming that I want to install a game, a new folder is created in my Windows Start Menu and in a Documents and Settings folder.
Although I believe no harm is actually done with this installation, can an attacker use this method to install malware? How can I prevent this, and what options should I change in my Firefox browser?
Oct 31, 2009
Recently, I hosted my domain with two different servers, but both of them were attacked by malware and viruses. Google also started showing a warning like "This site may harm your computer".
Now I can't open my site in Firefox (it gives a security warning)... when I open it in Explorer, my index page is totally changed.
Is there a solution for that? Which Linux server will be best to protect my site from malware attacks?
Apr 29, 2009
A WordPress install on one of my domains was compromised a few months ago, and there was a 4-hour window in which the site contained an iframe injection that led to a malware site.
The problem was corrected, and Google stopped flagging the site as malicious within a few hours after the fix. However, every once in a while I still hear of people having problems accessing the site, all of them I think from within large corporate networks.
Are there a few common list providers that these corporate networks are likely to be subscribing to? Is there a way I can submit the domain for reevaluation? If not, how long would you think a domain would have to be clean in order to repair its reputation on these lists?
Jul 24, 2009
When I try to open any website hosted on my server (around 50 of them), I am taken to the following malware website:
[url]
[url]
This is a problem with my Linux server running Apache and not a virus on my local computer, as customers from all over are reporting the same issue.
As soon as I restart Apache, everything returns to normal with no such redirects.
I think my server is being attacked, causing HTTP requests to get redirected to some malicious website.
This issue resurfaces almost every hour and does not go away until I restart Apache.
So far my datacenter techs have not been able to identify the cause of this.
Aug 21, 2006
malware acl condition: clamd: connection to 127.0.0.1, port 3310 failed (Bad file descriptor)
This is a normal Cpanel FC3 exim/clamav server.
Has anyone come across this annoying yet little error?
Apr 18, 2009
I have been receiving a lot of emails from LFD about this IP (93.190.138.129) port scanning.
I get about 3+ of these emails a day letting me know that LFD has blocked the IP temporarily.
I am now wondering: should I be worried about this IP port scanning?
The IP is from the Netherlands, where my server is hosted, and I was wondering if it's a coincidence or not?
Jul 9, 2009
I found several requests in my error log which look like someone was scanning my site for phpMyAdmin. This was a newly created subdomain. So I checked my main site and another subdomain and they also contained similar entries. Should I do something?
[Fri Jul 03 03:23:16 2009] [error] [client 65.23.157.214] File does not exist: /var/www/vhosts/mydomain.com/subdomains/mysubdomain/httpdocs/phpMyAdmin
[Fri Jul 03 03:23:16 2009] [error] [client 65.23.157.214] File does not exist: /var/www/vhosts/mydomain.com/subdomains/mysubdomain/httpdocs/phpmyadmin
[Fri Jul 03 03:23:16 2009] [error] [client 65.23.157.214] File does not exist: /var/www/vhosts/mydomain.com/subdomains/mysubdomain/httpdocs/pma ...
Aug 23, 2009
Does anyone have experience of PCI DSS scanning on a shared server? Our current hosting company have told us that it's unlikely to pass on a shared server, and that we should move to a Virtual Managed Server for them to make the necessary changes to pass a PCI scan.
In particular, we're talking PCI compliance to use PayPal website payments pro UK.
From Googling there seems to be a lot of debate on this issue - varying from 'all you need for PCI compliance is an SSL certificate' (this seems to be PayPal's attitude), to 'PCI scans can be passed on a shared server if your host is willing to help' to 'you need separate dedicated servers for the database and site etc'.
Does anyone use website payments pro UK, have a shared server, and regularly pass quarterly PCI scans? Also, we would much prefer a host based in the UK - we seem to get much better performance from our UK host than we did when the site was hosted in the US (our customers are almost completely UK based).
Dec 3, 2007
My internet security software blocked port scanning from IANA, the Internet Assigned Numbers Authority. Who is this and what are they doing scanning the ports on my computer?
Oct 28, 2009
I get a lot of messages from CSF about port scanning and brute-force detection. Is there a way to avoid all of these attacks? Because it tries to figure out my clients' FTP or POP3 user with several usernames, i.e. administrator, postgres, mysql, httpd, and many more.
I know a little about internet security. Is it possible to make the public IP of my shared hosting untraceable? Like this one:
Just do a ping to ebay.com or paypal.com and you will receive an RTO message or Destination host unreachable, but actually the site is running well.
Apr 21, 2008
What do you recommend for scanning a site against intrusions and security holes?
Jul 12, 2007
So I've been working on getting the modsecurity upload scan function to work for over 4 hours now and I'm done with this junk, to say the least.
Using modsec 1.9
cPanel 10x
Apache 1.3
In the modsec.conf:
SecUploadDir /tmp
SecUploadApproveScript /usr/local/apache/htdocs/upload_scan.pl
All I get in the audit_log is:
Access denied with code 406. Error verifying files: Received no output from the approver script (execution failed?) "/usr/local/apache/htdocs/upload_scan.pl" ....
Mar 9, 2007
My main goal was stopping incoming spam, and MailScanner is doing great work on that, but it is taking too much time extracting and scanning attachments... does anyone know how to disable scanning the attachments?
This is my top output from MailScanner running:
Code:
12:10 3 MailScanner: extracting attachments
Aug 16, 2007
I tried to configure Sendmail as the e-mail MTA with ClamAV & SpamAssassin in front of my local network. I can send and receive e-mail but SpamAssassin doesn't filter them. Do you know where I should look?
Mar 5, 2007
I was trying to install MailScanner on a cPanel box using chirpy's script [url], and followed every step, until this:
Code:
[root@server.yourbox.com:~]perl mscpanel.pl -i
Unable to open spam.scanning.rules for reading: file or directory doesnt exist at mscpanel.pl line 115.
On line 115 I found this:
Code:
open (IN, "</usr/mailscanner/etc/rules/spam.scanning.rules") or die "Unable to open spam.scanning.rules for reading: $!";
The file /usr/mailscanner/etc/rules/spam.scanning.rules just doesn't exist... maybe chirpy's script is not working well at installing everything it needs.
Dec 10, 2014
I'm running CentOS with Parallels Plesk and the bundled Parallels Premium Antivirus (Dr Web). After the latest yum updates, DrWeb continuously seems to crash and be restarted by the Parallels watchdog. By default there were no logs for DrWeb, but when I enable logging to a file it gets spammed continuously with the following error:
Cannot create pipe for communication with scanning childs (Too many open files)
and the Drweb process runs at 99% CPU for long periods. This totally fills the disk with logs, and I've now disabled logging again and Drweb is back to continuously being restarted by the watchdog.
Jul 23, 2009
Avast started giving out warnings when people viewed my site saying a trojan horse was detected called "JS:Bulered".
I looked through the page and noticed a chunk of code added at the end of the page:
[code ...]
I cleared it then noticed it was also added to random files on my Invision Power Board forum and Coppermine gallery so I cleared it from there as well (just replaced the files from a backup I had).
I'm currently on a dedicated server with SoftLayer and I have a few other sites and when checking them I noticed the code was added to pages on those sites as well!
Right now I'm just concentrating on my main site. I've cleared all the code and changed the password, FTP password, and root password for the server. But after several hours the code was added again.
I read somewhere that it could be an infection on my computer that is using the FTP connection I make to inject the code into my site, so I've changed the FTP password again and I've stopped using FTP. It's been a couple of hours and the code hasn't been added back yet, but there's a good chance it'll be back soon.
May 3, 2008
If I type google.com in my address bar, it forwards me to www.google.com. This is not happening for my website right now. I think it's a good idea to do this, since then search engines will have only 1 main URL for the website to index.
My question is:
How do I implement this? I think this may involve mucking with CNAME settings...
May 15, 2009
I want my users to be redirected directly to my forum,
so when they type in www.mywebsite.com it will redirect instantly to www.mywebsite.com/forums.
I know this can be done in cPanel... any other ways?
Nov 2, 2009
I'm tired of shared hosting so I bought a VPS, but I don't have any knowledge of how to run a site through a VPS and how to change nameservers, blah blah.
I have a Windows VPS.
Can anyone help me step by step with setting up a site through a Windows VPS?
Apr 30, 2008
I use Ian Lloyd's book and that's where I found out about this forum. Looks like a great forum.
I downloaded FileZilla FTP and I'm trying to transfer files from my computer onto an Angelfire web site.
FileZilla asks for a server address and I put in the URL address that I registered with Angelfire. It then asks me for an administration password, and I put in my password to the Angelfire site. I keep getting: Error: Connection to server lost...
Does anyone know what I'm doing wrong here? I would like to use FileZilla to upload my files (web pages) to the Angelfire site.
Jan 16, 2007
I host a website and sometimes it goes down. On the same server, some of my websites are working fine. I would just like to know why my website goes down sometimes.
Oct 23, 2008
I have a website which is currently hosted with streamline.net on their shared msql 11 server.
We have had several issues with them over the last few weeks where someone is using most of the server and slowing everyone else's sites down so much that they crash.
This week and weekend are my busiest time of the year (I sell fancy dress) and my site is totally unusable.
We have phoned them and they have done nothing except ask us for a log which we have provided for short periods of time.
The down time has now got so bad that I have had only 2 sales today. I estimate I am losing approx 400 per day at the moment due to this problem.
Is there anything that I can do urgently to prevent my business from being killed by someone else?
Jul 27, 2007
So I'm interviewing with a company and when I typed in the URL to their website, I was met with a nasty surprise: a "hacked by so and so" message! However, after looking closer, I see that I had accidentally appended a period (".") to the end of the domain name, for example: http://www.example.com./
When I removed the period, the site appeared as normal. I don't know anything about the server other than it's IIS. Is there anything I can suggest to them when I go in to interview? I'd like to point this out to them; it may even help my chances at landing the job! (It's not related to networking, though.)