Maldet is malware detection software for Linux. This free tool lets you detect malicious software on your server. For more detailed information about Linux Malware Detect, written by R-fx Networks, visit http://www.rfxn.com/projects/linux-malware-detect/. Without further delay, here is information about installing and using the program.
Installation
Running the following commands is sufficient for installation.
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar zxvf maldetect-current.tar.gz
cd maldetect-*
sh install.sh
After the installation completes successfully with these commands, one warning is necessary before moving on to usage examples: Linux Malware Detect (maldet) consumes a significant amount of disk I/O during scanning. This can cause serious performance problems on slow or heavily loaded disks.
Usage
maldet --help prints all maldet parameters to the screen.
Let's run a sample command to scan a website that has been hacked or infected with a backdoor. On a cPanel server, if the cPanel user of the sample domain netinternet.com.tr is netinter, the following command starts a malware scan of that site's files:
maldet -a /home/netinter/public_html
When you start the scan, maldet shows you the number of files:
maldet(9174): {scan} 653/14045 files scanned: 0 hits 0 cleaned
In this example, taken while the scan was still running, you can see that only 653 of the 14045 files have been scanned so far. Harmful content that is found is counted in the hits field, and content that is cleaned is counted in the cleaned field.
When the scan is complete, maldet prints lines to the screen with the commands for reporting and cleaning. Examples are below.
maldet(9174): {scan} scan completed on /root/: files 14045, malware hits 1, cleaned hits
The above line tells us that 1 piece of harmful content was detected.
maldet(9709): {scan} scan report saved, to view run: maldet --report 081513-2051.9709
The above line tells us to type the maldet --report 081513-2051.9709 command in the console to see the report, with the name and other details of the harmful content. The numerical value in this command is a scan ID generated automatically by the system for each scan.
maldet(9709): {scan} quarantine is disabled! set quar_hits=1 in conf.maldet or to quarantine results run: maldet -q 081513-2051.9709
The above line tells us that quarantine is disabled, and that to clean, delete, or quarantine all the files in the report we need to run the maldet -q 081513-2051.9709 command from the console.
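As an added example (not part of the original post and not maldet's own code), the following POSIX shell snippet parses the end-of-scan summary lines shown above and works out the follow-up command an administrator should run. The log lines inside it are constructed from the format above, not captured from a real scan.

```shell
#!/bin/sh
# Parse the summary lines maldet prints at the end of a scan and decide
# whether follow-up action (reviewing the report) is needed.
# SAMPLE_LOG is constructed from the output format shown in the post above.
SAMPLE_LOG='maldet(9709): {scan} scan completed on /home/netinter/public_html: files 14045, malware hits 1, cleaned hits 0
maldet(9709): {scan} scan report saved, to view run: maldet --report 081513-2051.9709
maldet(9709): {scan} quarantine is disabled! set quar_hits=1 in conf.maldet or to quarantine results run: maldet -q 081513-2051.9709'

# Number of malware hits taken from the "scan completed" line (0 if absent).
maldet_hits() {
    hits=$(printf '%s\n' "$1" | sed -n 's/.*malware hits \([0-9][0-9]*\).*/\1/p' | head -n 1)
    printf '%s\n' "${hits:-0}"
}

# Scan ID from the "scan report saved" line (empty if absent).
maldet_report_id() {
    printf '%s\n' "$1" | sed -n 's/.*maldet --report \([0-9][0-9.-]*\).*/\1/p' | head -n 1
}

# Print the report command an operator should run next, or "clean"
# when the scan found nothing.
maldet_followup() {
    hits=$(maldet_hits "$1")
    id=$(maldet_report_id "$1")
    if [ "$hits" -gt 0 ] && [ -n "$id" ]; then
        printf 'maldet --report %s\n' "$id"
    else
        printf 'clean\n'
    fi
}

# In real use (not run here) you would capture the output of a scan such as
#   maldet -a /home/?/public_html
# into a variable and pass it to maldet_followup, e.g. from a cron job.
maldet_followup "$SAMPLE_LOG"
```

The same parsing works for the one-line summary of a clean scan, which yields "clean".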
After this example, here is information about some further maldet options.
maldet --report list : Prints the scans you have previously performed to the screen.
maldet --monitor : Continuously scans for new files (e.g., maldet --monitor /home continuously scans files uploaded to the /home directory; to stop it, use the maldet -k command; since this operation keeps running in the background, it can cause very serious performance problems on slow or heavily loaded disks.)
maldet -a /home/?/public_html : The question mark in this command takes the place of the asterisk and lets you scan the public_html folders inside all folders within /home. This way you perform a malware scan of your entire server while scanning fewer files, and therefore more quickly.
maldet -b : Runs long scan operations in the background. This way you can start a scan and close the SSH
connection. (e.g., maldet -b -a /home/)
maldet -u : Updates the Maldet virus database.
maldet -r : Scans only files added or changed within the given number of days. (e.g., maldet -r /home/?/public_html 2 scans files from the last 2 days.)
maldet --restore : Restores cleaned or quarantined files. If software is damaged during virus cleaning, it can be restored using the scan ID. (e.g., maldet --restore 081513-2051.9709)
maldet -p : Deletes all quarantined files, logs, and open sessions.
It is also possible to customize Maldet by opening its configuration file and editing the settings inside it.
nano -w /usr/local/maldetect/conf.maldet
Typing the command above into the console as-is opens the maldet configuration file in the nano editor. By editing the configuration file and running maldet in monitor mode, you can configure it to email you about viruses it finds, to quarantine them automatically, and to change processing details related to scanning.
On cPanel servers, if you wish, you can also have accounts containing viruses suspended automatically by setting the quar_susp value in the configuration file to 1.