Welcome to Vastspace, provides Reliable Web Hosting since 2014

Welcome to Vastspace

Archive

Detect and remove malware on your Linux server

Detect and remove malware on your Linux server

Today, we learn how to remove malware in a Linux server. It is not 100% but it is the cheapest way to detect, clean or quarantine malware. I recommend this to be installed on all Linux server especially you are using open source CMS like WordPress for your website.

What is malware?

Malware is usually identified as any kind of harmful software or code that is harmful to devices.

Dangerous, invasive, and deliberately nasty, malware seeks to get into, harm, or deactivate computer systems, computer devices, networks, tablets, and mobile phone devices, often simply by taking general control over a device’s functions. Just like your flu, it disturbs with regular performance.

Malware is most about making income off you illicitly. Even though malware is not able to harm the physical equipment of devices or network system equipment it may take, encrypt, or erase your data, modify or maybe hijack main computer system capabilities, and spy on the device activity not having your knowledge or authorization.

Linux Malware Detect commonly referred to as Maldet is just an open-source malware scanner for Linux produced under the GNU GPLv2 license. The idea is built in and around the dangers experienced in shared hosted conditions. Install, configure and run this kind of free of charge software to detect and remove malware on your server.

Installation
Login as root or a user with root permissions into the server.

The source code of the current stable version of LMD or maldet is obtainable as a tarball in that link. Download it.

sudo wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
Unpack that tarball.

sudo tar -xvf maldetect-current.tar.gz
After that, list its files to discover the directory in which it is set up. The directory is generally of the format maldetect-x.y.z where x.y.z is the version number. Switch to this directory.

cd maldetect-1.5
Check if perhaps the install.sh script is certainly there and installs it.

sudo ./install.sh

The next topic will teach you on how to configure maldet

How to prevent your website against hackers?

How to prevent your website against hackers?

We do not many cases but there is always a website was hacked and asked the same questions, how was my website hacked? And how to protect them?

There are a few reasons for your website was hacked. Occasionally, we can only share the possibilities until further investigation like checking the log files.

It is difficult to eliminate totally but we suggest you protect them. This will make hacking difficult or not possible.

Hackers are looking for backdoors to penetrate your website, only if you can shut it,  Here are some inexpensive ways to protect your website.

  • updated script and plugins – if you are using WordPress, Joomla or similar, always have up-to-date CMS, plugins and the PHP.
  • Limited your SQL connection or to local connection only.
  • Restrict your administration login page.
  • Use malware scanner to scan your website daily during off-peak.
  • Use WAF like Sucuri Firewall, you update less often which is useful to some.
  • Computers access to the website backend and control panel must install and scan by a good anti-virus/malware and up-to-date definition.
  • Use Strong Password for all users.
  • A penetration test. You can find a free solution online.
  • Use mod_security cPHulk brute-Force or Fail2ban – these can be found in popular cPanel or Plesk Onyx.
  • Use Firewall like CSF or APF. However, I don’t really recommend a software firewall. They can paralyse the website if you are under attacks while it takes resources from your server.

Lastly, you always have a backup copy can restore an up-to-date website.

Sucuri Firewall Pro is better?

Sucuri Firewall Pro is better?

Sucuri Firewall Pro is better? Yes, in a way. It depends on the users, and on how he or she is managing the website. However, I personally feel Sucuri is better and can be better.

In the market, Sucuri is not the only one markets website protection. There is big name like Cloudflare, Stachpath and others. But my discussion is on Sucuri today, and the Pro plan. They don’t have a free plan like Cloudflare. For their plans: You can find it here

I set up and use most, Actually, they do the job. However, I like Sucuri. The set up gives me a feeling that it is more secure for those choose to use their own DNS. The website webroot point to Sucuri proxy, not to your source. In this way, it is difficult to find your source IP and attack it.

Even your source IP is exposed, you can protect your web server only allowing sucuri proxies to access it. It is strongly recommended that you do that. When you are using a firewall proxy, your log will show the proxy IP instead. Sucuri has a tutorial on this, how The X-forward can be found here for the most web server.

Sucuri Package from us comes with monitoring too. You can check your website is status and infected by malware or not as little as 6 hours interval.

Most website proxies include CDN. With the feature, it speeds up your website. A bigger brand has more POP than Sucuri. However, never get the impression that the site responds faster. For example, my website vastspace.net scores 86 in Pingdom speed test with Sucuri and 72 only with the other firewall. Test location for both set up was the same. To confirm, I used GTmetrix, Yslow is 81 and 89 with Sucuri.

I feel too the website has loaded faster even the load time at GTmetrix has proven.  I’m not sure you have to pay more to improve loading speed (image loading speed for example) if this is the case, Sucuri is cheaper.

Sucuri is easy to understand and straight forward to most as compared to many web firewall. I found what I need, I have tried some web protection GUI. I’m either overwhelmed by the clickable icons or they have limited features. Actually, the worst feelings are having to pay for a particular feature. In my opinion, do not put them there but sell them as the addons.

Like I have mentioned, this is my opinion. Sucuri is value for money. It costs lesser than most, you will get website protection and speed. It is worth considering.

 

 

 

IDS in email server?

IDS in email server?

I have dealt with web hosting for many years now. SmarterMail is the only email server software comes with IDS. In case you didn’t know what is IDS? IDS is normally found in firewall known as intrusion detecting system. IDS has a set of rules if any connection has violated the rules, mitigation will kick in. The serve to minimize the risk of a server’s attack or hack.

SmarterMail as this to stop abnormal activities, like attempting to log in with failed passwords known as brute-force or similar. This has greatly reduced a compromised email account or server’s abuse. Base on my experience, SmarterMail email server has very low a compromised email account uses to send spam emails. Thanks to the IDS in SmarterMail.

CSF and WHM/ cPanel

This is commonly found in a WHM / cPanel VPS or dedicated server. Actually, CSF is effective and it is free. A lot of server admin will install them as soon as they have received it. But seriously speaking, how many users know how to tweak and optimise the performance. Honestly, very few and I always see people left them in auto-pilot mode and full stop. So what is CSF? Yes, it is a firewall and it is software based. It is installed onto the server.

There is nothing wrong to install a piece of free and useful software. Wait for a second, did I just say it was useful? In certain extent, it is a Yes. But I have seen many cases, CSF is added burden to the user.

I have seen many as I have said, they simply install and turned on the firewall. If you are doing this, you might accidentally block good users or in the worst situation, you are blocked. When such a thing has happened, may have treated the service is not available and it can be frustrating especially it has happened often. There is the case, like packet loss when you are pinging the server IP or domain name. This is because of CSF. Simply turn it off and everything is back to normal.

Don’t get me wrong, CSF is useful but you need to know how to use it. Without, it can be a hassle for you. So I never buy an idea like installing a software firewall on the server. Actually, if the attacks come, the firewall will eat up the resources on the server and eventually the server performance is affected. But a web firewall like Sucuri Firewall Pro does not install onto the server, it has offloaded the server and because of many distributed points, it helps to speed up a website if you are staying further from the source of the website.