
How to monitor outgoing server activity to detect malware?

@Ravi8258870

Posted in: #Joomla #Malware #Monitoring #Security

I have a website that has previously been a victim of malware. I restored the site from an old backup and have made every effort to lock down the server. I have no way to be absolutely certain that the backup I used is clean, and I'm worried that this malware may re-appear. I would like to use a tool to monitor outgoing port activity to detect signs of malware activity. Unfortunately I'm using a server host that does not give me shell access, so I need to use a tool that can be installed via FTP and used via the browser. My site is Joomla :( so a Joomla extension with this capability would work, but I haven't found that yet. Any suggestions? Many thanks.


@Shanna517

What you're asking for isn't likely to exist since a PHP script can't monitor server traffic by itself. The best you can do is find a log analyzer that can analyze your server logs. But if your server is only configured to log standard HTTP traffic, then it probably won't do you any good.

Your webhost might be running software that logs and/or monitors all of the server's network traffic, but you're certainly not going to gain access to those logs if you're using shared hosting.

Your best bets are:

- Find a host that regularly scans their users' websites for malware and suspicious activity.
- Find an app or service that will FTP to your site and scan for changes and report them to you (file, directory and/or permission changes).
- Use something like w3af, Nessus, or Acunetix to do some blackbox and whitebox testing on your site.
- Read up on security best-practices (e.g. keeping Joomla up to date and subscribing to the Joomla security newsletter).


In these situations, it's always best to restore from a known clean copy. For instance, you ought to have a local copy of the site that you upload to your production server to update. As long as you only push updates to the webserver, there's little chance of your local copy becoming infected.

Otherwise, it's best to download a new copy of the latest version of Joomla and manually reinstall the extensions and templates you were using and reconfigure the site. Any other non-core files you wrote, you should manually check those to make sure they're not infected before applying them to the new site.

On a separate note, why are you using a webhost that only gives you FTP access? For less than /month you can get a shared hosting account from a decent webhost like DreamHost (who have excellent customer service and regularly scan their users' sites for malware) with practically unlimited storage/bandwidth as well as shell and SFTP access. And they don't charge you for stupid things like private registration or subdomains or extra SFTP accounts or MySQL databases.

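The FTP-based change scan suggested in the answer above, sketched in Python as an added example that is not part of the original posts. It assumes the host's FTP server supports the MLSD command; `FakeFTP`, `entry` and the two listings are constructed so the block runs offline.

```python
FACTS = ["type", "size", "modify", "unix.mode"]  # unix.mode is server-dependent

def snapshot(ftp, root="/"):
    """Walk a logged-in ftplib.FTP with MLSD; return {path: (type, size, modify, mode)}."""
    manifest, stack = {}, [root.rstrip("/") or "/"]
    while stack:
        directory = stack.pop()
        for name, facts in ftp.mlsd(directory, facts=FACTS):
            kind = facts.get("type", "").lower()
            if kind in ("cdir", "pdir"):  # the "." and ".." entries
                continue
            path = directory.rstrip("/") + "/" + name
            manifest[path] = (kind, *(facts.get(k) for k in FACTS[1:]))
            if kind == "dir":
                stack.append(path)
    return manifest

def diff(baseline, current):
    """Return sorted (change, path) findings between two snapshots."""
    findings = [("added", p) for p in current.keys() - baseline.keys()]
    findings += [("removed", p) for p in baseline.keys() - current.keys()]
    for p in baseline.keys() & current.keys():
        if baseline[p][:3] != current[p][:3]:  # type, size or mtime differs
            findings.append(("modified", p))
        if baseline[p][3] != current[p][3]:    # unix.mode differs
            findings.append(("permissions", p))
    return sorted(findings)

class FakeFTP:
    """Constructed stand-in for ftplib.FTP so the sample runs offline."""
    def __init__(self, tree):
        self.tree = tree
    def mlsd(self, path="", facts=()):
        return iter(self.tree.get(path, []))

def entry(name, kind, modify, mode, size=None):
    return (name, {"type": kind, "size": size, "modify": modify, "unix.mode": mode})

# Constructed listings: a baseline scan and a later scan of the same site.
BEFORE = {"/": [entry("index.php", "file", "20240101120000", "0644", "1204"),
                entry("configuration.php", "file", "20240101120000", "0444", "2100"),
                entry("images", "dir", "20240101120000", "0755")],
          "/images": [entry("logo.png", "file", "20240101120000", "0644", "5120")]}
AFTER = {"/": [entry("index.php", "file", "20240305031500", "0644", "1390"),
               entry("configuration.php", "file", "20240101120000", "0666", "2100"),
               entry("images", "dir", "20240305031400", "0755")],
         "/images": BEFORE["/images"] + [entry("cache.php", "file", "20240305031400", "0644", "880")]}
REPORT = diff(snapshot(FakeFTP(BEFORE)), snapshot(FakeFTP(AFTER)))
print("\n".join(f"{change:12} {path}" for change, path in REPORT))
```

Comparing size and modification time misses an edit that preserves both; downloading each file and comparing a hash against the baseline closes that gap at the cost of transfer time.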