Websites should be scanned regularly for malware. Jack Wallen shows you how to do this on Linux with the help of ISPProtect.
If you are a website admin, you know full well how important it is to keep your sites free from malware. After all, you don’t want to be serving up malicious code to unsuspecting users. So, what do you do? Do you rely on a typical malware scanner and hope it is capable of doing specific scans for specific file types on your web server’s document root (or your site’s data directory)? And what if your websites are being served up on the Linux platform (which they probably are)?
If that sounds like a scenario fitting your typical use cases, there’s a very handy command-line tool you can turn to: ISPProtect.
ISPProtect is a malware scanner specifically designed for web servers and is capable of scanning for malicious files on all types of sites (including the likes of WordPress, Xoops, Joomla and Drupal). This scanner features:
- Signature-based and heuristic malware scanning.
- Detection of insecure installation directories that should be removed.
- Detection of outdated WordPress plugins.
- MySQL database checks for malicious content.
ISPProtect isn’t free. You can use it on a trial basis, but eventually, you’ll have to purchase either a per-scan license or a yearly license. You can purchase “packs” of scans (5, 10, 25, 50, 100) or you can purchase the yearly license for about $92. Find out more information on costs on the ISPProtect price page.
I’m going to walk you through the process of installing and using ISPProtect on AlmaLinux.
What you’ll need
The only things you’ll need are a running instance of AlmaLinux (I’ll assume you have a web server running as well) and a user with sudo privileges. With those in hand, let’s protect those sites.
How to install ISPProtect
The first thing we’re going to do is install the dependencies. Log into AlmaLinux and install those packages with:
sudo dnf install php php-curl clamav -y
If you’re using an Ubuntu-based server distribution, the command to install the dependencies would be:
sudo apt-get install php7.4-cli php7.4-curl clamav -y
Switch to the admin user with:
Next, we’re going to create a directory to house the software with:
mkdir -p /usr/local/ispprotect
Give that new directory the proper permissions with the following commands:
chown -R root:root /usr/local/ispprotect
chmod -R 750 /usr/local/ispprotect
How to download and install ISPProtect
Change into the newly created directory with:
Download ISPProtect with the command:
Unpack the archive file with:
tar xzf ispp_scan.tar.gz
Finally, create a link for the executable binary with the command:
sudo ln -s /usr/local/ispprotect/ispp_scan /usr/local/bin/ispp_scan
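A post-install check for the directory permissions and the link created above (an added example, not from the article or from ISPProtect): it lists anything under the install directory that is not owned by root or is writable by group or others, and confirms the link resolves inside that directory. The function names are hypothetical, and GNU/Linux find and readlink are assumed.

```bash
#!/usr/bin/env bash
# Added example: audit the scanner install tree and its /usr/local/bin link.
# Function names are hypothetical; default paths are the ones used in this article.

# Print every non-symlink entry under DIR that is not owned by OWNER or is
# writable by group or others. Returns 0 if clean, 1 on findings, 2 on error.
audit_tree() {
    local dir=$1 owner=${2:-root} findings
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 2; }
    findings=$(find "$dir" ! -type l \
        \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print) || return 2
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Confirm LINK is a symlink whose fully resolved target lies inside DIR.
# Returns 0 if it does, 1 if it points elsewhere, 2 on error.
check_link() {
    local link=$1 dir=$2 target root
    [ -L "$link" ] || { echo "not a symlink: $link" >&2; return 2; }
    target=$(readlink -f -- "$link") || return 2
    root=$(readlink -f -- "$dir") || return 2
    case $target in
        "$root"/*) return 0 ;;
        *) echo "link leaves $root: $link -> $target"; return 1 ;;
    esac
}

# Run both checks against the paths used in the install steps.
audit_install() {
    local dir=${1:-/usr/local/ispprotect} link=${2:-/usr/local/bin/ispp_scan}
    local rc=0
    audit_tree "$dir" root || rc=1
    check_link "$link" "$dir" || rc=1
    return "$rc"
}
```

Source the file and call audit_install as root after unpacking, and again after each scanner update.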
How to use ISPProtect
To initiate a scan, issue the command:
You should see the ISPProtect welcome screen (Figure A).
You will then be asked to enter a license (Figure B). Since we’re using this as a trial, type TRIAL and hit enter on your keyboard.
The scanner will then ask for the path to scan. You should enter either the web server document root (such as /var/www) or a directory housing data for your sites. Once you’ve done that (Figure C), hit Enter to launch the scan.
When the scan completes, it will report back to you if it’s found anything suspicious. Should it find something, you should act on it immediately.
One word of caution. The trial license only gives you one scan, so use it wisely. If, after the trial, you find ISPProtect is a good fit for your needs, purchase a license and scan at will.
There you have it: you’ve scanned your web server for malicious files using a simple command-line tool. Enjoy.