Websites should be scanned regularly for malware. Jack Wallen shows you how to do this on Linux with the help of ISPProtect.

If you are a website admin, you know full well how important it is to keep your sites free from malware. After all, you don’t want to be serving up malicious code to unsuspecting users. So, what do you do? Do you rely on a typical malware scanner and hope it is capable of doing specific scans for specific file types on your web server’s document root (or your site’s data directory)? And what if your websites are being served up on the Linux platform (which they probably are)?

If that sounds like a scenario fitting your typical use-cases, there’s a very handy, command-line tool you can turn to … ISPProtect.

SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)

ISPProtect is a malware scanner specifically designed for web servers and is capable of scanning for malicious files on all types of sites (including the likes of WordPress, Xoops, Joomla and Drupal. This scanner features:

  • Signature-based and heuristic malware scanning.
  • Can reveal insecure installation directories that should be removed.
  • Reveals outdated WordPress plugins.
  • MySQL database checks for malicious content.

ISPProtect isn’t free. You can use it on a trial basis, but eventually, you’ll have to purchase either a per-scan license or a yearly license. You can purchase “packs” of scans (5, 10, 25, 50, 100) or you can purchase the yearly license for about $92. Find out more information on costs on the ISPProtect price page.

I’m going to walk you through the process of installing and using ISPProtect on AlmaLinux.

What you’ll need

The only things you’ll need are a running instance of AlmaLinux (I’ll assume you have a web server running as well) and a user with sudo privileges. With those in hand, let’s protect those sites.

How to install ISPProtect

The first thing we’re going to do is install the dependencies. Log into AlmaLinux and install those packages with:

sudo dnf install php php-curl clamav -y

If you’re using a Ubuntu-based server distribution, the command to install the dependencies would be:

sudo apt-get install php7.4-cli php7.4-curl clamav -y

Switch to the admin user with:

su

Next, we’re going to create a directory to house the software with:

mkdir -p /usr/local/ispprotect

Give that new directory the proper permissions with the following commands:

chown -R root:root /usr/local/ispprotect

chmod -R 750 /usr/local/ispprotect

How to download and install ISPProtect

Change into the newly created directory with:

cd /usr/local/ispprotect

Download ISPProtect with the command:

wget http://www.ispprotect.com/download/ispp_scan.tar.gz

Unpack the archive file with:

tar xzf ispp_scan.tar.gz

Finally create a link for the executable binary with the command:

sudo ln -s /usr/local/ispprotect/ispp_scan /usr/local/bin/ispp_scan

How to use ISPProtect

To initiate a scan, issue the command:

ispp_scan

You should see the ISPProtect welcome screen (Figure A).

Figure A

Launching ISPProtect immediately reveals the welcome screen.
Launching ISPProtect immediately reveals the welcome screen.

You will then be asked to enter a license (Figure B). Since we’re using this as a trial, type TRIAL and hit enter on your keyboard.

Figure B

If you have already purchased a license, type it here.
If you have already purchased a license, type it here.

The scanner will then ask for the path to scan. You should enter either the web server document root (such as /var/www) or a directory housing data for your sites. Once you’ve done that (Figure C), hit Enter to launch the scan.

Figure C

You must type the full path to the directory you want to be scanned.
You must type the full path to the directory you want to be scanned.

When the scan completes, it will report back to you if it’s found anything suspicious. Should it find something, you should act on it immediately.

One word of caution. The trial license only gives you one scan, so use it wisely. If, after the trial, you find ISPProtect is a good fit for your needs, purchase a license and scan at will.

There you have it, you’ve scanned your web server for malicious files using a simple, command-line tool. Enjoy.

Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.



Source link