Category: Community
Tip: Using Maldet to Protect Your Server from Malware and Spammers

Photo credits: Christian Barmala

Everyone knows that spam is a huge problem. For most people, it’s simply an annoyance — nearly everyone has spam filtering in their email these days, and while some spam still gets through, it’s generally not a big deal. However, for hosting companies and server administrators, compromised accounts that send out spam cause huge problems, including poor server performance, total server shutdown, loss of customers, IP blacklisting, etc.

In nearly every case, server-side malware and spam originate from compromised user accounts and/or exploited vulnerabilities in common hosting packages like WordPress. Therefore, the best ways to prevent these problems are to enforce strong passwords (something configurable in InterWorx by logging into NodeWorx and going to Server >> Settings) and to work with your users to keep their software up-to-date.

However, despite even the best prevention efforts, bad things can still happen. Thankfully, there’s a free tool to help root out compromised accounts and remove malware: maldet.

Maldet is specifically designed to detect malware in shared hosting environments, unlike many traditional anti-virus programs that just look for OS-level trojans, rootkits and traditional file-infecting viruses. It’s also very simple to use.

First, you’ll need to install maldet:

wget http://www.rfxn.com/downloads/maldetect-current.tar.gz   # fetch the current release
tar -zxvf maldetect-current.tar.gz                             # unpack it
rm -rf maldetect-current.tar.gz                                # the archive is no longer needed
cd maldetect-1.4.2/                                            # 1.4.2 was current when this was written
./install.sh                                                   # run the installer as root

Then, set maldet to do its initial run:

maldet -a /home/

or

maldet -a /chroot/home/

This will give you a report of what was found and cleaned on your system. As with nearly all Linux programs, there are many options to customize how maldet is run. One very useful option is continuous monitoring, which can be done by running:

maldet --monitor users

This will scan your system on a continuous basis for issues, and the output will look something like the screenshot below:

Example of maldet monitoring results.

Example of maldet monitoring results.

For a full listing of maldet’s options, take a look at the readme or run “maldet --help” after it’s installed.

Mitigating the problems associated with spammers and malware is a constant in today’s hosting world, and regularly running maldet (or using the monitor feature) should be part of every systems administrator’s standard procedures. It’s still vitally important to use strong passwords and make sure your customers’ applications are up-to-date, however — after all, if an account is compromised, the malware will just be reinstalled after it is cleaned.
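To make the regular scans above actionable, here is an added example (not from the InterWorx post or the maldet project) of a small POSIX shell wrapper that summarises a maldet scan report for a cron job, exiting non-zero only when hits were found and listing the affected /home accounts. The TOTAL HITS / FILE HIT LIST layout is assumed from typical maldet 1.4 reports and the embedded sample report is constructed; confirm the layout against `maldet --report SCANID` on your own server.

```shell
# Added example, not from the InterWorx post or the maldet project: summarise a
# maldet scan report so a cron job alerts only when something was found. The
# TOTAL HITS / FILE HIT LIST layout is assumed from typical maldet 1.4 reports;
# confirm against `maldet --report SCANID` on your own server.

# Constructed sample report for a stand-alone run; on a real server pass the
# file maldet writes for the scan (see --report) instead.
write_sample_report() {
    cat > "$1" <<'EOF'
malware detect scan report for host.example.com:
SCAN ID: 090513-1518.12345
PATH: /home/
TOTAL FILES: 2345
TOTAL HITS: 2
TOTAL CLEANED: 0
FILE HIT LIST:
{HEX}php.base64.inject.sample : /home/user1/public_html/wp-content/uploads/evil.php
{HEX}php.cmdshell.sample : /home/user2/public_html/shell.php
===============================================
EOF
}

# Hit count from the report header (0 if the line is missing).
report_hits() {
    n=$(sed -n 's/^TOTAL HITS:[[:space:]]*\([0-9]*\).*/\1/p' "$1" | head -n 1)
    echo "${n:-0}"
}

# Flagged paths, one per line: the part after "signature : ", stopping at the
# separator line. Paths containing spaces are not handled.
report_hit_files() {
    sed -n '/^FILE HIT LIST:/,/^====/p' "$1" | grep ' : ' | sed 's/^[^:]*: *//' | cut -d' ' -f1
}

# Home-directory account for each hit, deduplicated, so the admin knows which
# customers to contact about a compromised site.
report_hit_accounts() {
    report_hit_files "$1" | sed -n 's#^/home/\([^/]*\)/.*#\1#p' | sort -u
}

# Non-zero exit when anything was found, so cron mails the summary.
check_report() {
    hits=$(report_hits "$1")
    if [ "$hits" -gt 0 ]; then
        echo "maldet: $hits hit(s); affected accounts: $(report_hit_accounts "$1" | tr '\n' ' ')"
        return 1
    fi
    echo "maldet: no hits"
}
```

A cron entry can run `maldet -a /home/` and then call `check_report` on the resulting report file; cron's own mail on non-zero output then carries the summary.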

What other tools do you use for dealing with malware?

Sep 5, 2013, 3:18 pm | By: InterWorx | (1) Comment
  1. Mark: I have been using MalDet for some time now and even their APF firewall rules for years, and I have come to appreciate and realize how many times it has saved our butts. I encourage everyone to donate what you'd spend on a cup of coffee per month to support such open source programs that not only save us hours of work but our image when we tackle down spam, run-away scripts and malware.
    April 5, 2016 at 12:53 pm