Advice on website security?

justsimplehosting

New member
Would anyone be able to advise me on the ClamAV and Imunify360 website security plugins for cPanel?
And out of those, which one would you say is best at protecting against these types of attacks?
Some of the scripts look like a hacker's paradise.
dirty.c sym403.php wso.php
 

bigredseo

HD Community Advisor
Staff member
> Would anyone be able to advise me on the ClamAV and Imunify360 website security plugins for cPanel?
> And out of those, which one would you say is best at protecting against these types of attacks?
> Some of the scripts look like a hacker's paradise.
> dirty.c sym403.php wso.php

The files you posted, are they examples of things you want to catch on the server level, or were they included in packages you listed?

I've used ClamAV before (still have it running on a dedicated server I use for testing). It catches most things when you have the scan running. We used to use it on shared servers we had for clients too, but that was 7+ years ago, so I've no idea of its power today.
 

justsimplehosting

New member
> The files you posted, are they examples of things you want to catch on the server level, or were they included in packages you listed?

The files I posted are examples of the things I want to catch. We don't allow or provide these scripts in any of our hosting packages.

> I've used ClamAV before (still have it running on a dedicated server I use for testing). It catches most things when you have the scan running. We used to use it on shared servers we had for clients too, but that was 7+ years ago, so I've no idea of its power today.

Do you have it set to run as a cron on your test server or do you run it manually?
 

bigredseo

HD Community Advisor
Staff member
> Do you have it set to run as a cron on your test server or do you run it manually?

ClamAV is set to run as a cron and then it also scans all mail as it comes in and out.

We also have a Chkrootkit that runs regularly on the server and we use LMD (Linux malware detection). That's been awesome and runs with the "maldetect" scan. When we hosted client files we used that to run every hour and send an email report if it found anything.

I believe that it was the LMD that would detect any shell scripts on folders too. I know we had additional scripts that I had written in the past to do extra things, but since I don't do shared hosting anymore (or any server management), I have since killed off those files. I'm sure they're on a backup computer here somewhere, but not readily accessible.
 

justsimplehosting

New member
Thanks Spin Servers.
There are a lot of plugins and configuration options when looking at protecting your server.
This looks like an amazing solution.
 
Rootkits:-
Rootkits are malicious software that is surreptitiously installed on your server by a hostile intruder, giving the intruder root access and almost complete control over the information that is stored on or flows through your computer. On your virtual private server, RKHunter is a programme that will help you to protect your virtual machine from rootkits. RKHunter scrapes your computer and compares it to a database of rootkits that have been identified. This simple-to-install plugin addresses the underlying cause of this kind of security invasion and shuts off access points for future assaults.
 

Spin Severs

New member
> Thanks Spin Servers.
> There are a lot of plugins and configuration options when looking at protecting your server.
> This looks like an amazing solution.

BitNinja is great and they are pretty inexpensive. Plus their service is a great advertising tool for your clients, showing that you take steps to make sure your server(s) are secure.

I highly recommend them :)
 

Spin Severs

New member
Another option is simply to secure the server yourself, use some software like KernelCare and Imunify360 to help stay ahead and give your users more security. CloudLinux is a great way to isolate your clients in the event their accounts are compromised.
 
We've tried it all.

We used CXS for quite some time and it catches a lot; however, it does use ClamAV to scan better, which you can in turn tie into using better signatures from interserver and from malware.experts to make it even stronger. This is the cheapest option in my opinion.

BitNinja is an awesome product and protects better in my opinion than Imunify360 does; however, Imunify360 beats it on the auto clean of sites and malware protection.

Alternatively you could use just ClamAV and unofficial signatures like the ones below, which you can add at the bottom of your freshclam.conf file. Don't forget to restart freshclam.

DatabaseCustomURL http://sigs.interserver.net/interserver256.hdb
DatabaseCustomURL http://sigs.interserver.net/interservertopline.db
DatabaseCustomURL http://sigs.interserver.net/shell.ldb
DatabaseCustomURL http://sigs.interserver.net/whitelist.fp
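
The freshclam.conf change described in the last post, as an added example that is not part of the original thread: a shell script that appends the four DatabaseCustomURL lines only where they are missing, keeps a backup copy, and checks for the stock `Example` marker line. The function names, the `--apply` option and the config path argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: idempotently add the custom signature URLs to freshclam.conf.
# Signature URLs exactly as listed in the post above.
SIG_URLS='http://sigs.interserver.net/interserver256.hdb
http://sigs.interserver.net/interservertopline.db
http://sigs.interserver.net/shell.ldb
http://sigs.interserver.net/whitelist.fp'

# has_directive CONF URL: true if an active (uncommented) line already sets it.
has_directive() {
    awk -v u="$2" '$1 == "DatabaseCustomURL" && $2 == u { f = 1 } END { exit !f }' "$1"
}

# example_line_active CONF: true if the stock "Example" marker is still active;
# freshclam refuses to run until that line is commented out.
example_line_active() {
    grep -Eq '^[[:space:]]*Example[[:space:]]*$' "$1"
}

# add_custom_sigs CONF: append missing directives, print how many were added.
add_custom_sigs() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    cp -p "$conf" "$conf.bak" || return 1      # keep a rollback copy
    # Make sure the file ends with a newline so the first append starts a new line.
    if [ -n "$(tail -c 1 "$conf")" ]; then echo >> "$conf"; fi
    added=0
    for url in $SIG_URLS; do
        if ! has_directive "$conf" "$url"; then
            printf 'DatabaseCustomURL %s\n' "$url" >> "$conf"
            added=$((added + 1))
        fi
    done
    echo "$added"
}

# Usage (assumed): sh add-sigs.sh --apply /path/to/freshclam.conf
# The config path differs between distributions and cPanel builds.
if [ "${1:-}" = "--apply" ] && [ -n "${2:-}" ]; then
    if example_line_active "$2"; then
        echo "comment out the 'Example' line in $2 first" >&2; exit 1
    fi
    n=$(add_custom_sigs "$2") || exit 1
    echo "added $n DatabaseCustomURL line(s); backup at $2.bak"
    # Fetch immediately so a bad URL shows up now, not at the next scheduled update.
    freshclam --config-file="$2"
fi
```

Running it a second time adds nothing, so it is safe to keep in a provisioning script; if freshclam runs as a daemon on the host, it still needs the restart the post mentions.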