Malware
Volgarastraport, 2015-08-20 09:01:18

How to monitor the virus on the site?

Tired of fighting malware. Through some holes, they upload their PHP scripts to a variety of sites hosted on the DigitalOcean droplet. We clean, but the process is endless. Every 2-3 hours a new script appears, mostly spam.
Maybe it's possible to prohibit the creation of new PHP files and modification of existing ones on the entire droplet?


7 answer(s)
Mokhirjon Naimov, 2015-08-20
@zvermafia

Manul - free antivirus for your website by Yandex

Denis Verbin, 2015-08-20
@rez0n

There is a folder into which they are uploaded; usually this is the image uploads folder for posts (wp-content/uploads for WordPress).
So in this folder you need to kill the execution of scripts.
Add an .htaccess file with this content:

Options None
Options +FollowSymLinks
RemoveHandler .php
AddType "text/html" .php .cgi .pl .fcgi .fpl .phtml .shtml .php2 .php3 .php4 .php5 .asp .jsp

Sergey, 2015-08-20
@gangstarcj

Can you use normal software without holes? You clean up the virus, but you don't close the hole. Maybe you downloaded scripts from a torrent; there are always viruses there.
Use Aibolit, it will help in finding holes. Or contact its developer, he knows how to properly clean sites.

index0h, 2015-08-22
@index0h

1. Make sure that PHP scripts are NOT uploaded, at all.
* Double-check all places where $_FILES is used.
* The permissions of created files are no higher than 644.
* Files with the *.php extension must not end up in directories for uploaded files.
* When uploading, both the extension and the MIME type must be checked.
2. All your PHP files, with the exception of index.php, should not have execute permission; 644 is quite normal.
3. Directories with PHP files should not have write access.
4. If you store executable code in the database, don't do it.
5. Check the code for SQL injections; everything that goes into the database must be checked.
6. Monitor suspicious traffic.
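
Added example, not part of the answer above: a read-only shell audit for items 1 to 3 of that checklist (scripts inside an upload directory, PHP files with bits outside 644, directories holding PHP files that carry a write bit). The function names, the demo tree and the `/var/www/site` paths are assumptions for illustration; it needs a `find` that supports `-iname` (GNU, BSD, busybox).

```shell
#!/bin/sh
# Added example: read-only audit of a web root against the checklist above.
# Function names, the demo tree and example paths are constructed/hypothetical.

# Item 1: script files that ended up inside an upload directory.
php_in_uploads() {    # $1 = upload directory
    find "$1" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
        -o -iname '*.phtml' -o -iname '*.phar' \) | sort
}

# Items 1-2: PHP files (except index.php) with any bit outside 644,
# i.e. an execute bit or group/other write.
php_above_644() {     # $1 = web root
    find "$1" -type f -iname '*.php' ! -name index.php \
        \( -perm -100 -o -perm -010 -o -perm -001 \
           -o -perm -020 -o -perm -002 \) | sort
}

# Item 3: directories that hold PHP files and carry any write bit.
writable_php_dirs() { # $1 = web root
    find "$1" -type f -iname '*.php' -exec dirname {} \; | sort -u |
    while IFS= read -r d; do
        find "$d" -prune \( -perm -200 -o -perm -020 -o -perm -002 \) -print
    done
}

# Constructed sample tree: one planted script in uploads, one 755 PHP file,
# a read-only app/ directory and a writable web root.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/app" "$root/wp-content/uploads/2015"
    : > "$root/index.php";    chmod 755 "$root/index.php"
    : > "$root/app/lib.php";  chmod 644 "$root/app/lib.php"
    : > "$root/app/tool.php"; chmod 755 "$root/app/tool.php"
    : > "$root/wp-content/uploads/2015/photo.jpg"
    : > "$root/wp-content/uploads/2015/x.PHP5"
    chmod 644 "$root"/wp-content/uploads/2015/*
    chmod 555 "$root/app"; chmod 755 "$root"
    echo "$root"
}

# Usage (hypothetical paths): sh audit.sh /var/www/site /var/www/site/wp-content/uploads
if [ $# -ge 2 ]; then
    php_in_uploads "$2"; php_above_644 "$1"; writable_php_dirs "$1"
fi
```

Run from cron and compared with the previous run's output, the same three listings also show when a new script appears between cleanups.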

Vladimir Martyanov, 2015-08-20
@vilgeforce

See HTTP, FTP and SSH access logs. In a very extreme case - full logging of traffic with subsequent analysis.

Puma Thailand, 2015-08-20
@opium

disable write permissions to all folders

Gena, 2015-08-21
@ps_air

clamav+maldet
