A virtual server can be infected with viruses just like a computer or smartphone. All of them run software that intruders can infect.
If you own VPS hosting, you should be able to connect to the server via SSH. Over this connection you can install an antivirus on the server or simply run it when necessary.
You can check the server for viruses with the Linux Malware Detect scanner.
Installing the Scanner
All steps are performed over SSH, so first connect to the VPS server via SSH. Then run the commands below one after another in the PuTTY console. Copy each of the 5 commands, paste it with the “Shift” + “Insert” combination, and press the “Enter” key to run it.
The commands look as follows:
cd /usr/local/src/
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzf maldetect-current.tar.gz
cd maldetect-*
sh ./install.sh
Starting the Scan
Scanning a directory for viruses on the server is launched with the following command:
maldet -b -a /var/www/
If desired, you can specify a different directory for scanning.
Duration and Results of Virtual Server Scanning
How long the search for viruses and malicious files takes depends on the size of the folder or directory: the larger the folder, the longer the scan.
To find out whether the scan has completed, enter the command:
ps aux | grep '[m]aldet'
Here is the output of such a command:
root 12429 17.8 0.0 118408 6304 pts/0 S 09:24 1:35 bash /usr/local/sbin/maldet -b -a /var/www/mysite.ua/
This example shows that the /var/www/mysite.ua/ directory is being scanned and the process is still running; you just need to wait for it to finish.
If the command outputs nothing, the check has finished. To see the result, run:
maldet -e
Example output:
HOST: 78-26-128-200.vps.ukr.host
SCAN ID: 160721-1022.31393
STARTED: Jul 21 2016 02:20:34 +0400
COMPLETED: Jul 21 2016 11:32:40 +0400
ELAPSED: 0s [find: 0s]
PATH: /var/www/mysite.ua/
TOTAL FILES: 23890
TOTAL HITS: 1
TOTAL CLEANED: 0
WARNING: Automatic quarantine is currently disabled, detected threats are still accessible to users!
To enable, set quarantine_hits=1 and/or to quarantine hits from this scan run:
/usr/local/sbin/maldet -q 160721-1022.31393
FILE HIT LIST:
{MD5}php.cmdshell.unclassed.4690 : /var/www/mysite.ua/pgtz.php
In the example, you can see that scanning lasted 7 hours (from 02:20:34 to 11:32:40). A total of 23890 files were scanned (TOTAL FILES) and a virus was found (TOTAL HITS).
The infected file /var/www/mysite.ua/pgtz.php, in which cmdshell was found, should either be deleted permanently or cleaned.
Pressing “Shift” + “:” closes the scan report shown. After this window disappears, press the “q” key and then “Enter”.
Once you have identified a virus on the server, be extremely careful with further actions. Clean infected files carefully and don’t accidentally delete libraries that are important for your website’s functioning. We also recommend creating a backup copy of the site before starting scanning and virus cleaning.
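To review hits before deleting or cleaning anything, the report text can be turned into a list of flagged files. The script below is an added example, not part of the original article or of Linux Malware Detect; the function names are hypothetical, the sample report is abridged from the example output above, and it assumes a saved report uses that same layout.

```shell
#!/bin/sh
# Added example: list the files flagged in a Linux Malware Detect report.
# Assumes the layout shown in this article: "KEY: value" header lines,
# then "signature : /path" lines after "FILE HIT LIST:".

# Sample report abridged from the article's example output (not a live scan).
SAMPLE_REPORT='HOST: 78-26-128-200.vps.ukr.host
SCAN ID: 160721-1022.31393
STARTED: Jul 21 2016 02:20:34 +0400
COMPLETED: Jul 21 2016 11:32:40 +0400
PATH: /var/www/mysite.ua/
TOTAL FILES: 23890
TOTAL HITS: 1
TOTAL CLEANED: 0
FILE HIT LIST:
{MD5}php.cmdshell.unclassed.4690 : /var/www/mysite.ua/pgtz.php'

TAB=$(printf '\t')

# report_field NAME: print the value of one header line read from stdin.
report_field() {
    awk -v key="$1" -F': *' '$1 == key { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# report_hits: print "signature<TAB>path" for each entry of the hit list.
report_hits() {
    awk '/^FILE HIT LIST:/ { in_list = 1; next }
         in_list && (at = index($0, " : ")) {
             printf "%s\t%s\n", substr($0, 1, at - 1), substr($0, at + 3)
         }'
}

# review_report: summarize a report from stdin; exit status 1 if it has hits,
# so a wrapper script or cron job can alert before anything is deleted.
review_report() {
    rr_report=$(cat)
    rr_hits=$(printf '%s\n' "$rr_report" | report_field "TOTAL HITS")
    rr_id=$(printf '%s\n' "$rr_report" | report_field "SCAN ID")
    printf 'scan %s: %s hit(s)\n' "$rr_id" "${rr_hits:-0}"
    printf '%s\n' "$rr_report" | report_hits |
    while IFS="$TAB" read -r rr_sig rr_path; do
        if [ -e "$rr_path" ]; then rr_state=present; else rr_state=missing; fi
        printf '  %s  [%s]  (%s)\n' "$rr_path" "$rr_sig" "$rr_state"
    done
    [ "${rr_hits:-0}" -eq 0 ]
}

printf '%s\n' "$SAMPLE_REPORT" | review_report || echo "review each file above before cleaning"
```

A file reported as "missing" has already been removed or moved since the scan, so only the entries marked "present" still need a decision.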
For quality and uninterrupted website operation, it is necessary to install antivirus on the server. Installing server antivirus on hosting or VPS will significantly reduce the risk of your domain being infected, and specialists from UkrHost company will help you choose it.