Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Anti-malware suggestion
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Anti-malware suggestion

What are the best options to protect a server with a few wordpress sites from malwares?
clamAV and maldet doesn't detect maximum malwares.

Imunify 360 looks like a bit expensive.
Is it good? haven't tried it. Is there any alternative that protects well?

What are your suggestions?
Please help.

«1

Comments

  • FatGrizzlyFatGrizzly Member, Host Rep

    12$ p/m is cheap imo.

    Or you can try IM AV+ which is half the price, 6$ p/m

  • @FatGrizzly said:
    12$ p/m is cheap imo.

    Or you can try IM AV+ which is half the price, 6$ p/m

    They seem to have a free version too.
    Is that good? I don't need one click cleanup.
    As long as the the detection is good, it'll be enough.
    Or does the plus version offer better detection?

  • there was an offer posted here last month for a such security software. I can't remember the name. they were offering a christmas sell.

  • stonedstoned Member
    edited January 2023

    @badhon_raj said: What are the best options to protect a server with a few wordpress sites from malwares?

    What kind of malware do you fear would make its way into your server?

    @FatGrizzly said: 12$ p/m is cheap imo.
    Or you can try IM AV+ which is half the price, 6$ p/m

    Before you do spend some cash, jot down what you have and assign a value to it. Inventory your data and assign tiers to the importance of data. Then once you know what you have, you can decide how much protection to assign something. Build a security model for your needs first.

    Find out what attack vectors are open for WordPress, which exploits it has currently, and the common ways in which WP sites get hacked and plug any holes you can find.

    You don't want to put a $10 lock on a $5 bike.

    To my mind, as much as I know webdev, malware are not what a WordPress site usually has to worry about.

    What would you imagine such a security software will do for WordPress? I'm curious to know.

    Thanked by 1badhon_raj
  • FatGrizzlyFatGrizzly Member, Host Rep

    @badhon_raj said:

    @FatGrizzly said:
    12$ p/m is cheap imo.

    Or you can try IM AV+ which is half the price, 6$ p/m

    They seem to have a free version too.
    Is that good? I don't need one click cleanup.
    As long as the the detection is good, it'll be enough.
    Or does the plus version offer better detection?

    AFAIK, Both have same detection.
    I am tagging @MikePT (guy from CLN to clarify you better).

    @stoned said:

    @badhon_raj said: What are the best options to protect a server with a few wordpress sites from malwares?

    What kind of malware do you fear would make its way into your server?

    @FatGrizzly said: 12$ p/m is cheap imo.
    Or you can try IM AV+ which is half the price, 6$ p/m

    Before you do spend some cash, jot down what you have and assign a value to it. Inventory your data and assign tiers to the importance of data. Then once you know what you have, you can decide how much protection to assign something. Build a security model for your needs first.

    Find out what attack vectors are open for WordPress, which exploits it has currently, and the common ways in which WP sites get hacked and plug any holes you can find.

    You don't want to put a $10 lock on a $5 bike.

    To my mind, as much as I know webdev, malware are not what a WordPress site usually has to worry about.

    What would you imagine such a security software will do for WordPress? I'm curious to know.

    My answer to anti-virus software is our brain, Think twice before you do anything. i.e(add a plugin, adding a script it).
    Most WP malware originates from nulled plugins and cracked plugins. When I was managing a webhosting server previously, IM 360 was great. I wrote a script to suspend an user account if it has more than 10 infected files, if less notify me. It worked great, but as for a single user site here, I do not have any idea.

    Thanked by 1badhon_raj
  • @stoned said: Find out what attack vectors are open for WordPress, which exploits it has currently, and the common ways in which WP sites get hacked and plug any holes you can find.

    managing one wordpress site that way is possible.
    But if you have 5 servers with 4-5 sites on each, then it becomes really difficult.
    keeping all plugins/themes always updated and checking which plugin has vulnerability is not possible at this point.

    @stoned said: You don't want to put a $10 lock on a $5 bike.

    I was thinking the same.

    @stoned said: To my mind, as much as I know webdev, malware are not what a WordPress site usually has to worry about.

    would you mind telling me a bit more?

    @stoned said: What would you imagine such a security software will do for WordPress? I'm curious to know.

    detect files that are uploaded/created by unknown party for malicious intent?
    If you want I can send you some sample files, which clamav and maldet both reports as clean.

    Wordfence plugin does a good job at detecting these files. I was thinking if there is something similar that works same at server level.

  • stonedstoned Member
    edited January 2023

    If you want I can send you some sample files, which clamav and maldet both reports as clean.

    Please upload the files to a free file upload host and post a link. I should like to examine them. Thank you.

  • But if you have 5 servers with 4-5 sites on each, then it becomes really difficult.
    keeping all plugins/themes always updated and checking which plugin has vulnerability is not possible at this point.

    If you are managing multiple wordpress sites, using a remote managment tool like ManageWP which allows updating multiple plugins in all the sites from a single dashboard would reduce a lot of headache. It also provides for security scans, though I don't know how capable it is in detecting malicious code compared to other solutions. It has identified some suspicious plugins for me. The bulk update of plugins in multiple sites have worked for me without fail. All this within the free plan.

    Thanked by 1badhon_raj
  • badhon_rajbadhon_raj Member
    edited January 2023

    @stoned said:

    If you want I can send you some sample files, which clamav and maldet both reports as clean.

    Please upload the files to a free file upload host and post a link. I should like to examine them. Thank you.

    here:
    https://mega.nz/file/dOAxgQra#TmMkBLQQxhHS2AIEq_HPUDsF_VZKMAH8cYh6SdTqsyA

    the .ico files are included in wp-config.php file or index.php file like this:
    @include ("\057var\057www\057htm\154/in\156owi\164y/w\160-in\143lud\145s/f\157nts\057.65\0631db\0649.i\143o");

    the .php files are scattered around in different folders.

    Please let me know what you think.

  • @air4x said:

    But if you have 5 servers with 4-5 sites on each, then it becomes really difficult.
    keeping all plugins/themes always updated and checking which plugin has vulnerability is not possible at this point.

    If you are managing multiple wordpress sites, using a remote managment tool like ManageWP which allows updating multiple plugins in all the sites from a single dashboard would reduce a lot of headache. It also provides for security scans, though I don't know how capable it is in detecting malicious code compared to other solutions. It has identified some suspicious plugins for me. The bulk update of plugins in multiple sites have worked for me without fail. All this within the free plan.

    Thanks, I'll definitely look into it.
    But in some cases, I'd really like something that can detect malware. and help me clean up the site, without updating plugins or themes.
    If the site gets infected repeatedly, which obviously will, then I can force the owner to update the site.

  • Install cPGuard and enjoy your secure and smooth server! It's scanner is so powerful. It cleaned a hacked website that Imunify360 was unable to. They offer a 30 days trial. Their support is also fast and helpful.

    https://www.opsshield.com/

    Thanked by 2badhon_raj kidrock
  • Does WP have any way to block execution of .php files uploaded by users?

    You could always setup a rule for your server, where the location ^.*uploads/ etc goes, to not execute any PHP files from that location.

    There should be a way to lock down WP and not have it execute anything users upload. Look into that.

    Thanked by 1badhon_raj
  • badhon_rajbadhon_raj Member
    edited January 2023

    @stoned said:
    Does WP have any way to block execution of .php files uploaded by users?

    You could always setup a rule for your server, where the location ^.*uploads/ etc goes, to not execute any PHP files from that location.

    There should be a way to lock down WP and not have it execute anything users upload. Look into that.

    that's not wordpress specific I think.
    It is possible to disable php file execution in wp-content/uploads folder via apache config.

    But I've had this problem before despite setting that.
    This is a very important step in securing the site, and I do this first thing on a site I manage.

    However, the site I sent the above malware files from, didn't have this.

    @mohsengham said:
    Install cPGuard and enjoy your secure and smooth server! It's scanner is so powerful. It cleaned a hacked website that Imunify360 was unable to. They offer a 30 days trial. Their support is also fast and helpful.

    https://www.opsshield.com/

    Thanks, this is what I was trying to remember the name of.

    Looks like the sell ended though.

  • ArkasArkas Moderator

    @FatGrizzly said: My answer to anti-virus software is our brain, Think twice before you do anything. i.e(add a plugin, adding a script it).

    The problem is that a plugin can be fine at one point, and then in the future it can become infected and you'll get infected as well during the update process. I don't think one can foresee such occurrences.
    Make sure you backup very frequently so you can revert back after a clean install.

    Thanked by 1badhon_raj
  • @Arkas said:

    @FatGrizzly said: My answer to anti-virus software is our brain, Think twice before you do anything. i.e(add a plugin, adding a script it).

    The problem is that a plugin can be fine at one point, and then in the future it can become infected and you'll get infected as well during the update process. I don't think one can foresee such occurrences.
    Make sure you backup very frequently so you can revert back after a clean install.

    yes!

    also some plugin will get abandoned and won't get update anymore.
    You won't even notice which plugin haven't got update in like past one year.

  • @mohsengham said:
    Install cPGuard and enjoy your secure and smooth server! It's scanner is so powerful. It cleaned a hacked website that Imunify360 was unable to. They offer a 30 days trial. Their support is also fast and helpful.

    https://www.opsshield.com/

    We haven't seen any providers here in LET providing cPGuard but Immunify360 only. And not much reviews on Google search too.

  • The best anti-malware is by not getting it all.

  • @kidrock said:
    We haven't seen any providers here in LET providing cPGuard but Immunify360 only. And not much reviews on Google search too.

    RackNerd use cPGuard in their shared/reseller hosting.

    Thanked by 2kidrock mohsengham
  • kidrockkidrock Member
    edited January 2023

    @Chalipa said:

    @kidrock said:
    We haven't seen any providers here in LET providing cPGuard but Immunify360 only. And not much reviews on Google search too.

    RackNerd use cPGuard in their shared/reseller hosting.

    If others can also share their security experiences to determine which is better between cPGuard and Immunify360 as only one person has shared above citing cPGuard to be better.

  • @mohsengham said:
    Install cPGuard and enjoy your secure and smooth server! It's scanner is so powerful. It cleaned a hacked website that Imunify360 was unable to. They offer a 30 days trial. Their support is also fast and helpful.

    https://www.opsshield.com/

    I have a bunch of plugins (one of them may have a backdoor malware, but not 100% sure) from a WordPress site. ClamAV did not detect anything. If it's possible for you to test them using either cPGuard or Immunify360, please let me know and I will provide you the plugins link.
    Or anybody else with cPGuard/Immunify360 would like to test?

  • While this doesn't really solve the ability to check files on the server (although, they do have an API - but still the service is mainly meant for "is this file malware?" rather than a full scan) - you can upload the file to virustotal.com and it will check it against many different virus provider signatures.

    Helpful if you have a file that you're not sure of. My experience it doesn't detect 100% but it's pretty close. But I really only use it doublecheck if I think a file contains malware.

  • @sparek said:
    While this doesn't really solve the ability to check files on the server (although, they do have an API - but still the service is mainly meant for "is this file malware?" rather than a full scan) - you can upload the file to virustotal.com and it will check it against many different virus provider signatures.

    Helpful if you have a file that you're not sure of. My experience it doesn't detect 100% but it's pretty close. But I really only use it doublecheck if I think a file contains malware.

    well, in most cases, you can simply open the file in text editor and check yourself.
    If you are familiar with wordpress and/or php, then you should be able to identify whether this particular file is malware or not.

    @CheepCluck said:
    The best anti-malware is by not getting it all.

    easier said than done.

    @kidrock said:
    I have a bunch of plugins (one of them may have a backdoor malware, but not 100% sure) from a WordPress site. ClamAV did not detect anything. If it's possible for you to test them using either cPGuard or Immunify360, please let me know and I will provide you the plugins link.
    Or anybody else with cPGuard/Immunify360 would like to test?

    for single site, you can try wordfence. it scans plugins files against the files from the repository. but by default this option is disabled, you have to go to scan settings and enable it.
    also it'll notify you if a plugin was removed from repository.

  • You can always setup crowdsec and install the wordpress bouncer to block any incoming attacks in real time.
    https://www.crowdsec.net/blog/wordpress-bouncer

    Wont detect malware or clean it but it will prevent scans and exploits using their crowd sourced blocklist.

  • @kidrock said:

    @mohsengham said:
    Install cPGuard and enjoy your secure and smooth server! It's scanner is so powerful. It cleaned a hacked website that Imunify360 was unable to. They offer a 30 days trial. Their support is also fast and helpful.

    https://www.opsshield.com/

    I have a bunch of plugins (one of them may have a backdoor malware, but not 100% sure) from a WordPress site. ClamAV did not detect anything. If it's possible for you to test them using either cPGuard or Immunify360, please let me know and I will provide you the plugins link.
    Or anybody else with cPGuard/Immunify360 would like to test?

    Sure. I will scan then using cpguard, imunify360 and bitninja

    Thanked by 1kidrock
  • @mohsengham said:

    @kidrock said:

    @mohsengham said:
    Install cPGuard and enjoy your secure and smooth server! It's scanner is so powerful. It cleaned a hacked website that Imunify360 was unable to. They offer a 30 days trial. Their support is also fast and helpful.

    https://www.opsshield.com/

    I have a bunch of plugins (one of them may have a backdoor malware, but not 100% sure) from a WordPress site. ClamAV did not detect anything. If it's possible for you to test them using either cPGuard or Immunify360, please let me know and I will provide you the plugins link.
    Or anybody else with cPGuard/Immunify360 would like to test?

    Sure. I will scan then using cpguard, imunify360 and bitninja

    Thanks. Here are all the plugins and theme from the WordPress site
    https://bit.ly/3XvUwOw

  • @mohsengham said: Sure. I will scan then using cpguard, imunify360 and bitninja

    >

    can you please scan this as well?
    https://mega.nz/file/dOAxgQra#TmMkBLQQxhHS2AIEq_HPUDsF_VZKMAH8cYh6SdTqsyA

  • I use ConfigServer eXploit Scanner along with ImunifyAV (free).

    ConfigServer eXploit Scanner does real time and regular automated scanning. It detects and removes the malware.

    I run periodic manual scanning with ImunifyAV. For the malwares that CXS failed to detect and ImunifyAV is able to (a lot o times), I try to either figure a regex pattern for that file or use md5sum over cxs.extra file to manually add them to CXS.

  • @badhon_raj said:

    @stoned said:

    If you want I can send you some sample files, which clamav and maldet both reports as clean.

    Please upload the files to a free file upload host and post a link. I should like to examine them. Thank you.

    here:
    https://mega.nz/file/dOAxgQra#TmMkBLQQxhHS2AIEq_HPUDsF_VZKMAH8cYh6SdTqsyA

    the .ico files are included in wp-config.php file or index.php file like this:
    @include ("\057var\057www\057htm\154/in\156owi\164y/w\160-in\143lud\145s/f\157nts\057.65\0631db\0649.i\143o");

    the .php files are scattered around in different folders.

    Please let me know what you think.

    ClamAV without extra signatures doesn't find this malware. But with extra signatures it finds them:

    /home/www/cretaftp/mal_files/index.php: {HEX}Malware.Expert.md5.serialize.UNOFFICIAL FOUND
    /home/www/cretaftp/mal_files/d7wbv6zx.php: {HEX}Malware.Expert.generic.malware.160.UNOFFICIAL FOUND
    /home/www/cretaftp/mal_files/index2.php: {HEX}Malware.Expert.md5.serialize.UNOFFICIAL FOUND
    /home/www/cretaftp/mal_files/5w2nkpme.php: {HEX}Malware.Expert.generic.malware.160.UNOFFICIAL FOUND
    /home/www/cretaftp/mal_files/ico files/.6531db49.ico: {HEX}php.inject.miner2a2.489.UNOFFICIAL FOUND
    /home/www/cretaftp/mal_files/ico files/.41433d39.ico: {HEX}php.inject.miner2a2.489.UNOFFICIAL FOUND
    /home/www/cretaftp/mal_files/b418tlog.php: {HEX}Malware.Expert.generic.malware.160.UNOFFICIAL FOUND

    Thanked by 1badhon_raj
  • @CyberCr33p said: ClamAV without extra signatures doesn't find this malware. But with extra signatures it finds them:

    how do I get/enable this?

    what about false positives?

Sign In or Register to comment.