It is quite a common view that your server eventually will be the target of unethical hackers. They will try their best to hack into your server, inject their codes, and get the right to brag among their buddies (pathetic). There so many ways on how they gain access to the server but usually thanks to any accounts that used old scripts that often open for exploits.
You might often heard these terms:
1) trojan
2) mysql injection
3) shell script
4) rootkit
and a few more which only hackers know the way to hack your server. Well, today i’ll try to introduce a recommended application to scan possible malware codes that have been injected to your server, MALDET.
Upon login into ssh, type:
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
Extract the file:
tar xfz maldetect-current.tar.gz
Opens the folder:
cd maldetect-*
and install:
./install.sh
That’s it. Next is to scan the suspected folders in your server. For example:
maldet -a /home/username/public_html
The option -a means to scan all files and folders inside. You also can type -h for the available options.
When it finished, the link to the report will looks like this:
maldet –report 050910-1534.21135
Copy and paste the exact line in your ssh. If there were any hits, it will show in the report. Use it accordingly.
Disclaimer: Don’t fully depends on the maldet for malware detection. Maldet can’t detect every kind of malware, so some time the best way is to go through every files and check its modified date or suspicious file name.