How to scan files for malware as they are uploaded to the website?
My website got hacked, and I was able to locate the bad scripts the hacker entered and remove them.
I am aware that there are services available to scan your site for malware. I was wondering if there is any way to scan all the files as they are uploaded via FTP? It would be ideal to ensure that there are no viruses, bad iframes, or bad scripts when hackers try to upload files.
3 Comments
I'd second the opinion that scanning on-upload is too late, and you need to prevent anyone possibly getting that far.
If you have a copy of the site pre-hack, then you should really run a file-compare on it and make sure that you can account for everything that has changed on both the files and the database. They may have left a backdoor, even if you have removed all visible changes.
Many hacks do not use FTP, and most I have encountered are to add links for SEO rather than malware.
As such, your main job should really be to try and identify how they may have got in and use this as a lesson to increase security. If you are running a CMS (or any open-source software), then make sure it (and all extensions) are patched to the latest version - unpatched sites and badly written extensions are a very common way in. Password protecting any admin area via htaccess as well as the default log-in can also help prevent more automated attacks.
You could also lock your FTP down by IP if you are the only person accessing it and are in a position to update that when your IP changes.
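The file comparison suggested in the answer above, as an added example that is not part of the original thread: it hashes every file in a pre-hack copy and in the live document root and reports what was added, changed or removed. The function names `manifest` and `compare_trees` are hypothetical, and it covers files only, so database changes still have to be checked separately.

```python
import hashlib
import os
import sys


def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if os.path.islink(path):
                # Hash the link target string instead of following it out of the tree.
                data = os.readlink(path).encode()
            else:
                with open(path, "rb") as handle:
                    data = handle.read()
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            digests[rel] = hashlib.sha256(data).hexdigest()
    return digests


def compare_trees(baseline_root, live_root):
    """Return files added, changed or removed in live_root relative to baseline_root."""
    before, after = manifest(baseline_root), manifest(live_root)
    return {
        "added": sorted(set(after) - set(before)),
        "changed": sorted(p for p in before.keys() & after.keys() if before[p] != after[p]),
        "removed": sorted(set(before) - set(after)),
    }


if __name__ == "__main__":
    # Usage (paths are placeholders): python compare_site.py PRE_HACK_COPY LIVE_DOCROOT
    report = compare_trees(sys.argv[1], sys.argv[2])
    for kind in ("added", "changed", "removed"):
        for rel in report[kind]:
            print(f"{kind:8} {rel}")
    # Non-zero exit when anything differs, so a cron job can alert on it.
    sys.exit(1 if any(report.values()) else 0)
```

Every entry under "added" or "changed" needs an explanation (a legitimate upload, a known update) before the site is treated as clean.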
I would say make the default upload folder non-executable. Install any antivirus on your server depending on your OS. Use cron to run the scan and use another cron timed immediately after that to copy files from the non-executable folder to an executable one.
However, the ultimate solution would be to prevent people from uploading files to your server by password protecting any access (SSH, FTP, etc.) because there are still open vulnerabilities Ostermiller mentioned.
What you are looking for would have to be implemented in the FTP server. Any 3rd-party service that scanned the files and then uploaded them to FTP could be bypassed by contacting the FTP server directly. I'm not aware of any FTP servers that implement malware checks.
The idea of adding this layer of protection to the FTP seems needlessly complex to me. It would be just as effective to choose a long secure password and only connect to your server over secure protocols such as sFTP.
FTP isn't the only thing that you have to lock down to prevent malware being installed on your site. I've also seen malware installed through:
SQL injection: hackers use requests to the website with embedded SQL to insert content anywhere in the database
Privilege escalation: another user on a shared host is able to access your files, or hackers are able to compromise another user and then use their account to get to your files.