Antivirus/trojan Remover/worms Remover For Servers?
You buy an anti virus for your computer , you run it it checks and get rid of Trojans and worms
OK fine
what about a dedicated server or vps?
how do you do that? what product people use to run and anti virus and get rid of all those worms and Trojans?
View Complete Thread with Replies
Sponsored Links:
Related Forum Messages:
Which AntiVirus For Windows Servers?
I'm rather new to Windows dedicated servers and would like to know which Anti Virus to use for a Windows dedicated server? What other security measures do I need to take on the windows server as well? Been hosting with Linux servers for years, one would almost expect that a security on a Windows server is "second nature", but I have some doubts about the security of these servers. We'll be using Windows 2003 standard & Windows 2003 Web edition.
View Replies!
View Related
<iframe> Worms
I have recently found that several of the web sites that I'm hosting on my server have worms that when you access the web sites in Internet Explorer, the antivirus is triggered. When you look an the source code there's always an iframe that loads a remote web page with a worm. Have you seen it already? How did these web sites get infected? Is there an easy way to clean them or is it the hard way? I ran a clamscan on the server and it didn't find anything
View Replies!
View Related
Trojan C99Shell
I just installed zen cart on my webhosting and after few days later i saw some file written like core1405.php and when i open to view the file it is actually trojan c99shell. I have deleted all of the core file. Now how can i prevent it from happen again? Cause it is too much work to clean up the hosting server.
View Replies!
View Related
LKM Trojan?
I just installed a fresh copy of centos 4.5, updated some programs and installed chkrootkit. When i run # ./chkproc, it shows the following output: # ./chkproc You have 14 process hidden for readdir command You have 14 process hidden for ps command Searching for LKM trojans shows the following output: # ./chkrootkit -x lkm EXE 9994: /usr/sbin/named CWD 9995: /var/named EXE 9995: /usr/sbin/named CWD 9996: /var/named EXE 9996: /usr/sbin/named CWD 9997: /var/named EXE 9997: /usr/sbin/named CWD 9998: /var/named EXE 9998: /usr/sbin/named CWD 26293: /var/lib/mysql EXE 26293: /usr/sbin/mysqld CWD 26294: /var/lib/mysql EXE 26294: /usr/sbin/mysqld CWD 26295: /var/lib/mysql EXE 26295: /usr/sbin/mysqld CWD 26296: /var/lib/mysql EXE 26296: /usr/sbin/mysqld CWD 26297: /var/lib/mysql EXE 26297: /usr/sbin/mysqld CWD 26298: /var/lib/mysql EXE 26298: /usr/sbin/mysqld CWD 26299: /var/lib/mysql EXE 26299: /usr/sbin/mysqld CWD 26300: /var/lib/mysql EXE 26300: /usr/sbin/mysqld When i stop mysql and named, and run # ./chkrootkit -x lkm again, it doesn't show anything. When i turn mysql and named back on, it starts complaining about compromises again. Can it be a false alarm, or should i really be worried? What do you advise me to do now?
View Replies!
View Related
Trojan-Downloader.JS.Psyme.hz
I have an hosting account at OXEO.com and I have trojan problems on all my websites The index files of all my websites show a Trojan program called Trojan-Downloader.JS.Psyme.hz I checked my websites on Google and Google is warning users for this kind of problems for one of my websites Does anybody here has experienced the same problem?
View Replies!
View Related
How-to - Rootkit Scan (trojan Etc)
What is a rootkit? The following link is a very good read to answer that question. http://linux.oreillynet.com/pub/a/li...4/rootkit.html In Summary, a rootkit is a trojan installed on your Linux server after someone has broken into it. These files are used to cover the hackers tracks, and to give the hacker tools to do more dirty work from your server. Usage: 1. su - (change to root user) 2. mkdir /usr/local/chkrootkit 3. wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz 4. tar -xvzf chkrootkit.tar.gz 5. cd chkrootkit* 6. cp * /usr/local/chkrootkit 7. cd /usr/local/chkrootkit 8. make sense Now scan your system: 1. cd /usr/local/chkrootkit 2. ./chkrootkit chkrootkit may from time to time give false positives. If you ever get a positive or "infected hit" scan a second time. If you do get a positive hit, google the hit to research the issue and steps to correct. Part 2 - automated chkrootkit, and emailed results. I'm lazy, and like my server to do the work for me so I have it scan every day, and email me the results. Usage: 1. vi /etc/cron.daily/chkrootkit 2. add the following code. Code: #!/bin/bash (cd /usr/local/chkrootkit; ./chkrootkit -q 2>&1 | mail -s "Daily chkrootkt scan" you@yourdomain.com) 3. chmod 0755 /etc/cron.daily/chkrootkit This will email you@yourdomain.com every morning with your chkrootkit results. the -q option will only show you exploits. Removal: If you don't like getting the emails or just want to remove this from your server: 1. rm /etc/cron.daily/chkrootkit 2. rm -rf /usr/local/chkrootkit All files will now be deleted from your server.
View Replies!
View Related
15 POSSIBLE Trojan Detected WHM
i have an site on my server when i open it the kaspersky anti viruss detect there is an trojan in this site .. ( see the picture in the attachment ) and i checked the server from the whm and there is result 15 POSSIBLE Trojans Detected How i can solve this ?? and remove this trojans .
View Replies!
View Related
PHP.Backdoor.Trojan
As usually I do monthly scan to all files on my site,today I download all backup site into my PC,then scanning them using Norton Antivirus and on one site files Norton detected PHP.Backdoor.Trojan. I take a look file location and found current file with name xTgsj78Jn.txt Then I go to my server where site hosted,and i go to the directory and found file above stay on there,I try many time to delete it but always get an error message "Permission denied",I try to change permission but always returned an error. When deleted it i use command rm -r with root access,then I do ls -l and found details file like below. -rwxrwxrwx 1 nobody nobody 137787 Mar 19 20:14 xTgsj78Jn.txt* Please help me to delete this file. FYI this file uploaded to my hosting file site.
View Replies!
View Related
Possible Trojan List By WHM - Do I Need To Worry?
I ran the Trojan scan in WHM and it came up with the list below. I have a strong feeling WHM is mis-reporting these as trojans, but I thought I would ask the experts here: Scan for Trojan Horses Appears Clean /dev/stderr Scanning for Trojan Horses..... Possible Trojan - /usr/bin/cpan Possible Trojan - /usr/bin/instmodsh Possible Trojan - /usr/bin/prove Possible Trojan - /usr/bin/xmlcatalog Possible Trojan - /usr/bin/xmllint Possible Trojan - /usr/bin/xml2-config Possible Trojan - /usr/lib/libxml2.la Possible Trojan - /usr/bin/mysqlhotcopy Possible Trojan - /usr/bin/Wand-config Possible Trojan - /usr/bin/animate Possible Trojan - /usr/bin/compare Possible Trojan - /usr/bin/composite Possible Trojan - /usr/bin/conjure Possible Trojan - /usr/bin/convert Possible Trojan - /usr/bin/display Possible Trojan - /usr/bin/identify Possible Trojan - /usr/bin/import Possible Trojan - /usr/bin/mogrify Possible Trojan - /usr/bin/montage Possible Trojan - /usr/bin/curl-config Possible Trojan - /usr/bin/curl Possible Trojan - /usr/lib/libcurl.so.3.0.0 Possible Trojan - /usr/lib/python2.3/site-packages/libxml2mod.la Possible Trojan - /usr/lib/python2.3/site-packages/libxml2mod.so Possible Trojan - /usr/sbin/pureauth 25 POSSIBLE Trojans Detected Is there anything that looks fishy here?
View Replies!
View Related
Websites Infected With Trojan How To Solve?
i see my websites are infected with some trojan. there are some iframe tag simlilar to this in all index files <iframe src="http://traff<<removed>>.cn/in.cgi?27" width=100 height=80></iframe> any idea how might this iframe inserted in my codes. i have tried to format my systems and remove all saved ftp passwords , but still this virus is comming back and the strange thing is i have website on different servers infected with same virus any idea how this is happened and how to avoide this?
View Replies!
View Related
Trojan-Clicker.HTML.Iframe.g In My Website? What Is This??
I have a website and all works fine, but an user said me that uses kaspersky said me my website has an trojan i don't understand how this is possible, and i'l really worried. the trojan that appears to my user is: Trojan-Clicker.HTML.Iframe.g someone know why i have this trojan? Now the users refuses to open my website!! i'm more than worried this is an printscreen of the error: ...
View Replies!
View Related
Trojan Detected On Initial Load Of Site
I have 2 reseller accounts with one provider, and in the last several days I have noticed that when you visit the site for the first time, my AV software detects a trojan on the site, but the code & html files are 100% clean! I'm suspecting that there is something being injected into the scripts from the server daemons that's either running or something else. Anyone have any suggestions?
View Replies!
View Related
Trojan-Clicker.HTML.IFrame.amh
I am not that technically proficient so I have to resort to shared hosting solutions...I am currently with Bluehost. Problem: I have a small site with minimal needs in terms of storage and bandwidth, but the site is controversial and gets hacked and attacked a lot. I need a shared hosting provider which ranks higher than most in terms of security. Recently the site was attacked such that any user going to the site was infected with Trojan horse viruses. Donno if it's useful or not but here are the files from my PC antivirus which was infected when I went to the site with IE: File generated by Rogers Online Protection Anti-Virus C:Documents and SettingsuserLocal SettingsTemporary Internet FilesContent.IE5PG8E0SM0gifimg[1].htm Trojan-Clicker.HTML.IFrame.amh Deleted 11/5/2009 12:21:25 AM C:Documents and SettingsuserLocal SettingsTemporary Internet FilesContent.IE5GC9JZWI3gifimg[2].htm Trojan-Clicker.HTML.IFrame.amh Deleted 11/5/2009 12:21:27 AM C:Documents and SettingsuserLocal SettingsTemporary Internet FilesContent.IE5QBPA1ELgifimg[1].htm Trojan-Clicker.HTML.IFrame.amh Deleted 11/5/2009 12:21:27 AM C:Documents and SettingsuserLocal SettingsTemporary Internet FilesContent.IE56SLECSUQgifimg[5].htm Trojan-Clicker.HTML.IFrame.amh Deleted 11/5/2009 12:21:28 AM C:Documents and SettingsuserLocal SettingsTemporary Internet FilesContent.IE5EKTEAS82gifimg[5].htm Trojan-Clicker.HTML.IFrame.amh Deleted 11/5/2009 12:21:28 AM C:Documents and SettingsuserLocal SettingsTemporary Internet FilesContent.IE5P5098OY4gifimg[4].htm Trojan-Clicker.HTML.IFrame.amh Deleted 11/5/2009 12:21:29 AM C:Documents and SettingsuserLocal SettingsTemporary Internet FilesContent.IE5IPGNWAB0gifimg[1].htm Trojan-Clicker.HTML.IFrame.amh Deleted 11/5/2009 12:21:30 AM C:Documents and SettingsuserLocal SettingsTemporary Internet FilesContent.IE55VT8B104gifimg[1].htm Trojan-Clicker.HTML.IFrame.amh Deleted 11/5/2009 12:21:30 AM C:Documents and SettingsuserLocal SettingsTemporary Internet FilesContent.IE543XUDX83gifimg[2].htm Trojan-Clicker.HTML.IFrame.amh Quarantined 11/5/2009 12:21:31 AM C:Documents and SettingsuserLocal SettingsTemporary Internet FilesContent.IE56SLECSUQgifimg[5].htm Trojan-Clicker.HTML.IFrame.amh Quarantined 11/5/2009 12:22:18 AM C:Documents and SettingsuserLocal SettingsTemporary Internet
View Replies!
View Related
Prevent Of Execution Trojan Shell Scripts, Like R57shell And Other?
Which configuration for php and server that prevent execute shell scripts? Which funstions you recommend to disable? Like shell_exec, passthru, proc_open, proc_close, proc_get-status, proc_nice, proc_terminate, exec, system, suexec, popen, pclose, dl, ini_set, virtual, set_time_limit
View Replies!
View Related
/tmp/clamav-77e7bfdbb2d3872b/test2.exe: Trojan.Taskkill.A FOUND
What is the mining of following lines in temp folder. If i have been check daily /tmp folder many /tmp/clamav are presented in mail server, and occupied the large amount of space in temp folder /tmp/clamav-77e7bfdbb2d3872b/test1.exe: Worm.Mydoom.U FOUND /tmp/clamav-77e7bfdbb2d3872b/test2.exe: Trojan.Taskkill.A FOUND /tmp/clamav-77e7bfdbb2d3872b/test3.exe: Worm.Nyxem.D FOUND /tmp/malware.zip: Infected.Archive FOUND
View Replies!
View Related
Antivirus.exim
i have installed antivirus.exim on server but if i like to set filters for particular domain how can i set it? if i set 25 as global but i like to set more then 50 filter for only one domain is it possible? if yes then how?
View Replies!
View Related
Antivirus Software
There's a lot of anti-virus programs for Windows (Norton, McAffee, Zonealarm, etc.), but there doesn't seem to be any for Linux. Why is that? Am I just searching in the wrong places?
View Replies!
View Related
Trojan Activity - Running Perl With High CPU Usage, With User Apache
Running programs named Perl with Heavy CPU usage, with the ownership of user apache. We found the problem on Fedora 3 and Fedora 6. In our case, it was the result of a Trojan activity. Quick Solution Check the cron jobs of user apache crontab -u apache -e */1 * * * * perl /tmp/.tmp/tmpfile delete the cronjob entry. Also delete the file /tmp/.tmp/tmpfile also added "apache" to the file /etc/cron.deny That's all Problem and solution in detail....
View Replies!
View Related
Antivirus To Use With Cpanel Apart From Clamav?
is there a antivirus i can use with cpanel apart from clamav? found a virus on my work pc this morning that was trying to send emails out so i want my cpanel server to prevent any emails with virus's going out. i was told clamav would slow down my server so i thought about AVG and was just wondering what other people have installed.
View Replies!
View Related
Rackmount AntiVirus Appliance?
Can anyone recommend an affordable antivirus hardware appliance that can be put in-line between a physical machine acting as a mail server and the switch? I need it only to filter on ONE machine so it would not have to be extremely fast. Spam filtering would be a plus as well. Any recommendations? I am looking for something plug and play.
View Replies!
View Related
Antivirus For Plesk Server
I've been getting so many warnings from my data center that there are active viruses on my server. These viruses get uploaded when user uploads data using FTP. I am looking for a good / cost effective antivirus for server which should check all files as well as emails and remove virus from server. Server Info : Windows 2003 + Plesk Control Panel.
View Replies!
View Related
DrWeb Antivirus & Plesk
I am running Plesk server and without any changes to the server DrWeb is sending hundreds of emails to the postmaster email address... Dear Postmaster, the message with following attributes has not been delivered, because contains an object which cannot be checked by antivirus ....
View Replies!
View Related
AntiVirus And Firewall For Windows 2003
First of all, I am from Australia. Some people might know here dedicated servers cost a lot coz bandwidth is extremely expensive. I am hiring a box to put dedicated game servers on them (Counter Strike Source). I am looking for a Windows Firewall and Anti Virus. I am also wondering what version of Windows 2003 server should I get. Do I need to get real time protection and email scanner? And also, is it wise to download and browse TRUSTED sites on the server?
View Replies!
View Related
Which Antivirus Product Works In The VPS?
Which antivirus product works in the VPS? I just installed Avira Antivir Windows Server 8 to my VPS but it didn't work out (service won't start). Have you ever installed antivirus client for VPS? If you have, what client should work in the Windows VPS (F-Secure, Symantec...)?
View Replies!
View Related
Is Antivirus Necesarry In Windows Server
Is antivirus necessary in Windows Server with IIS6? I am hosting several web pages and web applications(ASP.NET) on two servers for three years, never have any problem with viruses. What antivirus would you suggest to use? I have tried AVG and NOD and they are very massive and slow down web applications.
View Replies!
View Related
Hardware: Db Servers, Web Servers, File Servers. Cpu, Ram, Disk
I have a lot of questions here so if you can't answer them all I understand. even pointing me somewhere where I could get the answers would be appreciated; hardware sites focusing on server hardware, forums focusing on such, etc. we plan to have three different types of servers: - db server (self explanatory. mysql. for forums, mysql driven sites.) - file server (lots of files around ~2-10MB, consistant 70mbps right now, but we want more room for upgrades. needs a LOT of storage room.) - web server (lots of php files, but also static things like plain html, images, etc. also includes all misc services for the setup-- dns, etc.) could I be given a rundown for which hardware each of the three should have? I don't need specifics, even just knowing that more ram is important here while cpu doesn't matter as much, or that the fastest disks available are a must, etc would all be valuable info for me. despite that, I certainly wouldn't mind specific hypothetical hardware configs. for the database server I'm assuming the more ram the better. not entirely sure about the cpu? also not positive on disks... for the fileserver, how much ram would be practical or useful? disk io will be an issue I'm because plenty of people will be pulling files at once so the disk needs to read from multiple places. scsi (and even raptors) are not an option as we need 750GB+ of space on a reasonable budget. more ram will take some load of of the disks, but how much is neccessary / reasonable? for the web server I'm assuming cpu first, then ram, but it'll likely need less ram than the db server? I'm more lost on the disks than anything. scsi on the fileserver is not an option under any circumstances due to $/GB. for the db & web server I'm willing to pay for scsi if the performance increase really does warrant the extra money, but I'd like to be convinced before shelling it out. if you have benchmarks geared at server hardware when it comes to disks I'd really appreciate it. also, what's the best way to network these together when colocated? each one with a dual gigabit ethernet port and then the communications go to and from the router?
View Replies!
View Related
Antivirus Solution For Smtp Relay Server
I have a dedicated windows 2003 server that acts as an smtp relay (legit purposes, not open). There are large amounts of mail relayed through the server and I would like to install some 3rd party software that can scan the messages/attachments for viruses. Ideally, if one exists it strips it from the message and notifies the recipient and/or sender of the problem. any ideas on where to start?
View Replies!
View Related
Clamav :: Never Enable The SUID Or SGID Bits For Clam AntiVirus Binaries
If you are installing ClamAV for the first time, you have to add a new user and group to your system: 3 # groupadd clamav # useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav Consult a system manual if your OS has not groupadd and useradd utilities. Don't forget to lock access to the account! WARNING: Never enable the SUID or SGID bits for Clam AntiVirus binaries. I've done the above before installing ClamAV, what do I do to lock access to the account and siable the SUID or SGID bits for Clam AntiVirus binaries?
View Replies!
View Related
Load Balancing 2 Web Servers And 2 MySQL Servers
I was wondering if it is possible to cluster 2 web servers and 2 mysql servers with only one server working as load balancer. I am planning to use LVS (ldirectord and heartbeat). Let's say I have 3 IPs allocated to the load balancing server. 111.222.111.222 (Main IP) 111.222.111.223 (Web Load Balancing IP) 111.222.111.224 (MySQL Load Balancing IP) If a connection is made to .223 it would pass the request to one of the web nodes. If a connection is made to .224 it would pass the request to one of the MySQL nodes. Is it possible to do this? If not, can I run, for example, nginx on 223 IP address to provide forward proxy? (Then it would not be able to HA but the main point is to load balance so) Also, what would be the best way to keep the data same on both web servers? This is a web cluster for a very high traffic forum with a lot of uploads every hour so it has to do real time synchronization. I heard that DRDB is only one way and not two way so I'm not going to be able to use this.
View Replies!
View Related
|
TRACKER
