How to remove malware from a Linux hosting server?

Update - 2018.01.24

This article might involve paid solutions

Problem

There comes a time when you are, like, wondering what is happening to your server, or in my case a hosting server where I would host my own and my clients' websites.

And bam! You get a warning from your datacenter or hosting provider that your server was sending many spam emails or, even worse, DoS (Denial of Service) attacks.

You are like, shit, not this again, and the timing could not have been worse 🙁

Anyway, enough drama. Below are the steps I have laid out for how I go about solving this problem.

Scanning: ClamAV

The first step is to scan for infected files. This can be done in multiple ways; here it is done using ClamAV, which can be installed on most Linux servers.

I have modified the command line to simply output the results to a txt file. This guide does not cover the installation of ClamAV on your server, as this can be easily found with a Google search.

cd /tmp
clamscan -r -i /home >> clamlog.txt
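To triage the clamlog.txt produced above, the following added example (not part of the original article) groups the hits by hosting account and by signature. The function names, the /home/<account> layout and the sample log are assumptions made for illustration; pass the real log path as the first argument.

```shell
#!/bin/sh
# Added example: summarize the clamlog.txt written by `clamscan -r -i`.
# With -i, each hit is one line of the form "PATH: SIGNATURE FOUND".

# Print unique "path<TAB>signature" pairs. The log is appended with >>,
# so repeated scans report the same file again; sort -u collapses those.
clam_hits() {
    awk '/ FOUND$/ {
        line = $0; sub(/ FOUND$/, "", line)
        # Split at the LAST ": " so a path containing ": " stays intact.
        n = 0
        while ((i = index(substr(line, n + 1), ": ")) > 0) n += i
        if (n > 0) printf "%s\t%s\n", substr(line, 1, n - 1), substr(line, n + 2)
    }' "$1" | sort -u
}

# Count unique infected files per hosting account (/home/<account>/...).
clam_hits_per_account() {
    clam_hits "$1" | awk -F'\t' '{
        split($1, p, "/")   # p[2] = "home", p[3] = account name
        acct = (p[2] == "home" && p[3] != "") ? p[3] : "(other)"
        count[acct]++
    } END { for (a in count) printf "%d\t%s\n", count[a], a }' |
        sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# Count unique infected files per signature name.
clam_signatures() {
    clam_hits "$1" | awk -F'\t' '{ count[$2]++ }
        END { for (s in count) printf "%d\t%s\n", count[s], s }' |
        sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# Constructed sample log (paths and signature names are made up).
sample_clamlog() {
    cat <<'EOF'
/home/alice/public_html/wp-content/uploads/x.php: Example.Webshell-1 FOUND
/home/alice/public_html/wp-includes/css.php: Example.Mailer-2 FOUND
/home/bob/public_html/cache/a: b.php: Example.Webshell-1 FOUND
----------- SCAN SUMMARY -----------
Infected files: 3
/home/alice/public_html/wp-content/uploads/x.php: Example.Webshell-1 FOUND
EOF
}

log="${1:-}"
if [ -z "$log" ]; then log="$(mktemp)"; sample_clamlog > "$log"; fi
echo "Infected files per account:"; clam_hits_per_account "$log"
echo "Signatures seen:";            clam_signatures "$log"
```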

Scanning: Rkhunter

The rkhunter tool can be installed using the following commands on Ubuntu and CentOS based systems.

$ sudo apt install rkhunter
# yum install epel-release
# yum install rkhunter

To check your server with rkhunter, run the following command.

rkhunter -c

Scanning: ISPProtect

The first step is to scan for infected files. This can be done in multiple ways, but this is what works for me.

There are many scripts out there which can help with detection, but for me ISPProtect has helped. It's a paid one.

They give you a free first scan, so you might be able to try it out first as a trial on one of your servers.

So basically you connect to the server via SSH and run the script.

cd /tmp
wget https://www.ispprotect.com/download/ispp_scan.tar.gz
tar xzf ispp_scan.tar.gz
./ispp_scan

Instead of running the above script interactively, I let it run in the background, just in case the connection gets lost.

./ispp_scan --path=/home --email-results=root@localhost --non-interactive --scan-key=AAA-BBB-CCC-DDD

ISPProtect Pricing

Their pricing is quite affordable if you are running a serious business. I simply got the 100 scan license option and use it when it's required.

Malware Removal

So this is the part that gets challenging. There are multiple ways of doing this, but there is no single method which solves all problems.

Method1: Delete the infected files 

Method2: Anti-Malware from GOTMLS.NET

Since most of the problems I have seen are due to infections of WordPress sites, I use this tool to scan and fix the infected files.
