Main Area and Open Discussion > Living Room

Website hacking - tools to help spot issues

(1/4) > >>

Carol Haynes:
I have been building websites for a few years now using Joomla but recently my server seems to be under regular attack.

The attacks seem to be of the form that a php script is injected into a folder and used to pour out spam.

The trouble is with a lot of websites it isn't practical to wade visually through dozens of folders regularly to look for scripts.

The data centre has scanned the server for malicious scripts but I have already spotted and deleted a few that were missed.

Life currently feels like a war of attrition - I am spending so much time dealing with issues I now either need to pack it all in and give up or find a way to monitor user accounts to ensure I catch scripts and deal with them efficiently.

I am not sure how these scripts are even getting there - it isn't the clients I have. Even websites that are running the latest build of Joomla and a few well known and trusted extensions seem to be plagued.

Has anyone any suggestion where I can start.

One simple solution is to find a way to get the server to report when files are added to user accounts (preferably by email so that I can constantly monitor what is happening - with a couple of a notable exceptions most of the websites only change occasionally) - does anyone know a way to do this?

Any help or suggestions would be gratefully received.

The server is running Apache and WHM/CPanel.

I am not particularly technically minded when it comes to Linux - I just want to set up and maintain a few small local business and individual websites and not be driven batty by constant annoyances.

wraith808:
I know that the datacenter that I use has something in place- it sends out e-mails to the user (and perhaps the admin) whenever any script is uploaded that sends e-mails.  I'm not sure of *how* it does it- but I do know it's at least possible.

Note: If this is the first time you received this mail, it contains the history for the entire month so far.

Below are the recently upload scripts that contain code to send email.  You may wish to inspect them to ensure they are not sending out SPAM.

--- End quote ---

It does come from cPanel on my server, so perhaps it's something in that?  I did some searching on newmailcgi which is in the subject for those e-mails- it's apparently a setting in WHM, though I can't seen any verification of the same.

Carol Haynes:
Thanks I will check that out - that would be ideal - but it would also be nice to have a report of any new files added to the server - since I don most of the website maintenance for clients I shouldn't see much that I don't expect.

Out of curiosity does anyone know any way to scan MySQL databases for potential injection issues?

wraith808:
It does have a list of files- I just didn't include that part :)

Carol Haynes:
OOOOOOOOOOO  if that really works it will make my day!  :-* :-* :-*

Navigation

[0] Message Index

[#] Next page