How To Scan Your Web Servers For Malware With ISPProtect On CentOS/RHEL 6/7
Awesome Tools Linux TroubleShoot

How To Scan Your Web Servers For Malware With ISPProtect On CentOS/RHEL 6/7

With the advancement of digitization in the world along with India, every day lots of websites are coming up and these apps, websites data are hosted on web servers and therefore security is a big concern. In today’s scenario, most the websites are the result of CMS system like WordPress, Joomla, Drupal, Magento etc.

Now every day there are lots servers attacked with malware. These attackers exploit system flaws and infect the system with malware and because of such activities,  it is recommended to do sanity checks on regular basis.

ISPProtect scans for malware in website files and CMS systems like WordPress, Joomla, Drupal etc and by the end of this article, we will get aware of setting up ISPProtect

Scenario:

  1. My Server IP is 168.1.188
  2. OS – CentOS/RHEL 6/7
  3. PHP 5.4 preinstalled

Note: If you are a SUDO user then prefix every command with sudo, like #sudo ifconfig

ISPProtect Searching Area

  1. Signature-based malware scanner.
  2. Heuristic malware scanner.
  3. Scan outdated CMS systems installation dir
  4. Scan Outdated WordPress plugins of the whole server.
  5. Scan MySQL databases for malicious content.

Note: ISPProtect requires PHP  and it’s not free software but its free trial can be used to clean an infected system.

Step 1: Install ISPProtect

As mentioned earlier ISPProtect requires PHP and if PHP is not installed you can learn to install PHP. Now yu can install ISPProtect  using following command

Step 2: Start Scan

Now we have successfully installed ISPProtect and made a soft link in /usr/local/bin for using it as a command in the whole system.  to start scan run following command and follow the procedure

First, the scanner will check for updates and prompt you for the key (you just need to enter the word “trial” ) soon after it will ask for your websites location i.e. /var/www/html in most of the cases. but you should enter your location.


Now it will start the scan and will start showing you infected file at the end of the scan and these results get stored in log file present in the ISPProtect installation directory.

Step 3: Check Output and Set CRON

After the successful finish of scan you will see a list of several files and now you can figure out these infected files. To take a regular check you may set a Cron to do a malware check automatically for you. Do this follow these steps.

now save CRON with :wq!

Note: Do not forget to change your email id to get a detailed report.

Some Useful Information

1. Exclude files and logs from scan

2. Local whitelisting

You can add a file to the white list

By default, the white list is stored in ~/.ispp_scan.whitelist .You can change this path by adding the whitelist-path argument:

3. Ignoring malware types

This would ignore all malware named {ISPP}suspect.eval.base64 (not recommended, of course)

Watch Video:

Coming Soon

You Must Read:

  1. Which one Is Better Apache Or Nginx?
  2. How To Install WordPress 4.7 With Nginx ON RHEL/CentOS 6/7 & Fedora
  3. How To Install Nagios 4.X Server/Client – Part 1
  4. How To Install PHP 5.6 Using YUM ON CentOS/RHEL 6/7?



Kapendra
Love to write technical stuff with personal experience as I am working as a Sr. Linux Admin. and every day is a learning day and Trust me being tech geek is really cool.
http://kapendra.com

Leave a Reply