Everyone knows that spam is a huge problem. For most people, it’s simply an annoyance — nearly everyone has spam filtering in their email these days, and while some spam still gets through, it’s generally not a big deal. However, for hosting companies and server administrators, compromised accounts that send out spam cause huge problems, including poor server performance, total server shutdown, loss of customers, IP blacklisting, etc.
In almost every case, server-side malware and spam traces back to compromised user accounts and/or exploited vulnerabilities in common hosting packages like WordPress. The best prevention is therefore to enforce strong passwords (configurable in InterWorx by logging into NodeWorx and going to Server >> Settings) and to work with your users to keep their software up-to-date.
However, even the best prevention efforts will not stop everything. Thankfully, there is a free tool to help root out compromised accounts and remove malware: Linux Malware Detect, better known as maldet.
Maldet is built around the threats seen in shared hosting environments (user-level malware such as backdoor, spam-sending and injected PHP scripts), unlike many traditional anti-virus programs that only look for OS-level trojans, rootkits and classic file-infecting viruses. It is also very simple to use.
First, you’ll need to install maldet (the directory created by the tarball carries the version number of the release you downloaded, 1.4.2 at the time of writing, so adjust the cd line to match):
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -zxvf maldetect-current.tar.gz
rm -f maldetect-current.tar.gz
cd maldetect-1.4.2/
./install.sh
Then, set maldet to do its initial run:
maldet -a /home/
maldet -a /chroot/home/
This will give you a report of what was found on your system. Note that a fresh install only reports: hits are moved to quarantine only if you have enabled quarantining in /usr/local/maldetect/conf.maldet; otherwise, take the scan ID from the report and quarantine the hits afterwards with “maldet -q SCANID”. As with nearly all Linux programs, there are many options to customize how maldet is run. One very useful option is continuous monitoring (which relies on inotify, so the inotify-tools package must be installed), started by running:
maldet --monitor users
This will watch every user’s home directory and scan files as they are created or changed, and the output will look something like the screenshot below:
For a full listing of maldet’s options, take a look at the README or run “maldet --help” after it’s installed.
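Because a scan report is easy to mistake for a cleaned server, it is worth checking what your conf.maldet will actually do with a hit before you rely on the scan step above. The following script is an added example, not part of the original post or of the maldet project: it reads a maldet-style key=value config and reports whether hits will be quarantined and whether an alert will be mailed. The config path and the key names (quar_hits/quar_clean/email_alert/email_addr in the 1.4.x series, quarantine_hits in later releases) are assumptions from memory; confirm them against the comments in your own installed conf.maldet.

```shell
#!/bin/sh
# Added example (not from the original post or the maldet project): sanity-check
# a maldet config so "maldet -a" hits are not assumed to have been cleaned.
# Assumed default config path; override with MALDET_CONF=/path/to/conf.maldet.
CONF="${MALDET_CONF:-/usr/local/maldetect/conf.maldet}"

# conf_get FILE KEY: print the value of KEY from a shell-style key=value file.
# Leading whitespace, surrounding quotes and trailing "# comments" are ignored;
# the value is read up to the first whitespace; the last definition wins,
# as it would if the file were sourced. Prints nothing if KEY is absent.
conf_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\)[\"']\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# maldet_will_quarantine FILE: exit 0 if hits are quarantined automatically.
# Checks the assumed 1.5+ key name first, then the assumed 1.4.x name.
maldet_will_quarantine() {
    v=$(conf_get "$1" quarantine_hits)
    [ -z "$v" ] && v=$(conf_get "$1" quar_hits)
    [ "${v:-0}" = "1" ]
}

# maldet_alert_addr FILE: print the alert address if email alerts are enabled,
# nothing otherwise.
maldet_alert_addr() {
    if [ "$(conf_get "$1" email_alert)" = "1" ]; then
        conf_get "$1" email_addr
    fi
}

# maldet_check FILE: print a short summary; exit 0 only when a scan would both
# quarantine its hits and mail a report, 1 if either is off.
maldet_check() {
    rc=0
    if maldet_will_quarantine "$1"; then
        echo "ok: hits will be quarantined automatically"
    else
        echo "warn: quarantine is off; 'maldet -a' only reports, run 'maldet -q SCANID' afterwards or enable quarantining"
        rc=1
    fi
    addr=$(maldet_alert_addr "$1")
    if [ -n "$addr" ]; then
        echo "ok: scan reports will be mailed to $addr"
    else
        echo "warn: email alerts are off; you must read reports with 'maldet -e SCANID' yourself"
        rc=1
    fi
    return "$rc"
}

# Run the check against the real config when it is present (skipped otherwise
# so the functions above can also be sourced from another script).
if [ -r "$CONF" ]; then
    maldet_check "$CONF"
fi
```

Run it as root after install.sh; a non-zero exit means the next scan will produce a report and nothing else, which is the state most people are surprised by.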
Mitigating the problems caused by spammers and malware is a constant in today’s hosting world, and running maldet regularly (or using the monitor feature) should be part of every systems administrator’s standard procedures. It is still vitally important to enforce strong passwords and make sure your customers’ applications are up-to-date, however — after all, if the account itself remains compromised, the malware will simply be reinstalled after it is cleaned.
What other tools do you use for dealing with malware?