  1. #1
    Linux Engineer docbop
    Join Date
    Nov 2009
    Location
    Woodshed, CA
    Posts
    947

    Cleaning Malware from website


    Malware can be tough to find and eradicate, especially within the time constraints of a production environment. So here are some steps to try.

    http://www.openlogic.com/wazi/bid/338314/how-to-locate-and-clean-malicious-code-on-your-website?source=Blog_Email_[How%20to%20locate%20and%20cl]

  2. #2
    Linux Guru Rubberman
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,655
    Good link DocBop. Myself, I keep the source web pages backed up (in version control) along with md5sums. So, I can check the current site, and if the checksums have changed, then I know I've been pwnd. In such a case I do this:

    0. Change root (and if necessary web-browser) password, along with disabling all sudo access to the root account.
    1. Take site off-line, with an "under maintenance" static page (read-only - not capable of modification by anybody).
    2. Figure out why I was vulnerable.
    3. Fix vulnerability and re-install known infected pages.
    4. Set up inotify to inform me if anything changes any of the pages on the site.
    5. Re-enable the site.

    This is a general roadmap.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!
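
The checksum comparison described in post #2, as an added example that is not part of either post: it records a baseline manifest and later reports files that were changed, added, or removed. It uses `sha256sum` in place of the md5sums mentioned in the post and assumes GNU findutils and coreutils; the function names and the throwaway demo site are constructed for illustration.

```sh
#!/bin/sh
# Added example: baseline-and-compare integrity check for a web root.
# Keep the manifest off the web server, e.g. in version control with the sources.

# make_manifest DIR: hash every regular file under DIR (relative paths, sorted).
make_manifest() (
    cd "$1" || exit 2
    find . -type f -print0 | sort -z | xargs -0 -r sha256sum
)

# check_site DIR MANIFEST: print CHANGED/NEW/MISSING lines.
# Exit status: 0 = matches baseline, 1 = differs, 2 = error.
check_site() (
    [ -s "$2" ] || { echo "baseline missing or empty: $2" >&2; exit 2; }
    current=$(mktemp) || exit 2
    make_manifest "$1" > "$current" || { rm -f "$current"; exit 2; }
    rc=0
    awk '
        { h = substr($0, 1, 64); p = substr($0, 67) }  # line is "<hash>  <path>"
        NR == FNR    { base[p] = h; next }             # first file is the baseline
        !(p in base) { print "NEW     " p; bad = 1; next }
        base[p] != h { print "CHANGED " p; bad = 1 }
                     { seen[p] = 1 }
        END {
            for (p in base) if (!(p in seen)) { print "MISSING " p; bad = 1 }
            exit bad + 0
        }
    ' "$2" "$current" || rc=$?
    rm -f "$current"
    exit "$rc"
)

# Constructed demo: baseline a throwaway site, then alter it three ways.
demo() (
    site=$(mktemp -d) && base=$(mktemp) || exit 2
    mkdir "$site/js"
    echo '<h1>home</h1>' > "$site/index.html"
    echo 'var a = 1;'    > "$site/js/app.js"
    echo 'contact'       > "$site/contact.html"
    make_manifest "$site" > "$base"
    echo '<!-- constructed injected line -->' >> "$site/index.html"
    echo 'constructed dropped file' > "$site/js/cache.php"
    rm "$site/contact.html"
    rc=0; check_site "$site" "$base" || rc=$?
    rm -rf "$site" "$base"
    exit "$rc"
)
demo || echo "site differs from baseline (status $?)"
```

An empty or missing baseline is treated as an error (status 2) rather than a clean result, so a deleted manifest cannot make a modified site look unchanged.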
