Portal Home > Knowledgebase > Articles Database > How to scan hole server and remove any trojan SSH

How to scan hole server and remove any trojan SSH

Posted by gold2, 03-14-2012, 04:41 AM

Hi some of client sites hacker hack sites very fast i wounder how hacker hack sites very easy please help me to protect my client from hacker and how to scan hole server and remove all trojan Server Cpnginx /usr/bin/wget Have 750 /usr/bin/curl have 750 allow_url_fopen = Off Compiler Access = disabled clamav = installed csf = install clamscan to start a scan Result root@server1 [/home]# clamscan to start a scan WARNING: to: Can't access file to: No such file or directory WARNING: start: Can't access file start: No such file or directory WARNING: a: Can't access file a: No such file or directory WARNING: scan: Can't access file scan: No such file or directory ----------- SCAN SUMMARY ----------- Known viruses: 1162383 Engine version: 0.97.3 Scanned directories: 0 Scanned files: 0 Infected files: 0 Data scanned: 0.00 MB Data read: 0.00 MB (ratio 0.00:1) Time: 4.422 sec (0 m 4 s) root@server1 [/home]# Last edited by gold2; 03-14-2012 at 04:46 AM.

---

Posted by martin33, 03-14-2012, 08:28 AM

Hi, On our side, we are using Hive, to protect our servers : http://www.1h.com/products/hive beleive me : it worth it... if there is a hack in one account, it will be very hard for the hacker to compromise the whole server... + your customers will get 6 different php versions :-) and we setup this cron job to remove all viruses from /home directory : type this command : crontab -e and add this cron job : 30 5 * * * /usr/bin/clamscan /home -ir --remove=yes Here is also a complete tutorial i like to help secure your server : http://www.webhostingtalk.com/showthread.php?t=468168

---

Posted by lynxus, 03-14-2012, 08:29 AM

NESSUS is a good scanner.

---

Posted by martin33, 03-14-2012, 08:30 AM

also : take a look at this... http://weblogtoolscollection.com/arc...vulnerability/ we recently had some wordpress websites hacked very easily because of this :-p

---

Posted by gold2, 03-14-2012, 11:14 AM

Suppppppper Thank you

---

Posted by Server Management, 03-14-2012, 12:19 PM

For a start you need to start plugging holes to stop them getting hacked or defaced in the first place...

---

Posted by quantumphysics, 03-14-2012, 12:27 PM

if your sshd is compromised/you are probably rootkitted/flatten and reinstall already you have larger issues than trying to fix symptoms

---

Add to Favourites    Print this Article

Secure delete data on HDD (Views: 738)

Netearthone or eNom SSL? (Views: 801)

How to minimize the downtime during a transfer process (Views: 795)

NetBunch servers down??? (Views: 838)

Cpanel WHM Reseller recommendations again (Views: 803)