malicious Archives - David Yin's Blog
https://www.yinfor.com/tag/malicious/
Tech geek. Life geek.

How to install Linux Malware Detect on CentOS 6.3
https://www.yinfor.com/2013/02/how_to_install_linux_malware_d.html
Thu, 07 Feb 2013 13:00:12 +0000
Linux Malware Detect is a malware scanner for Linux released under the GNU GPLv2 license and designed around the threats faced in shared hosting environments. Here is a HOWTO showing the installation on CentOS 6.3.
1) SSH to CentOS server
2) Get the source package

wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

3) Untar the source file

tar xvzf maldetect-current.tar.gz

4) Install Linux Malware Detect
From step 3, I saw that the folder of source files is maldetect-1.4.1.

cd maldetect-1.4.1
./install.sh

It will show the installation result; the most important part is the config file location.
(screenshot: lmd-install)

It is /usr/local/maldetect/conf.maldet
5) Modify the config file

vi /usr/local/maldetect/conf.maldet

Change email_addr to an email address where you can receive the scan results.
All other options are well commented or self-explanatory.
6) Run the scan command to scan the files under the /home folder

maldet --scan-all /home

The result will be sent to the email address you set in step 5.
The installer also adds a cron job to the system that performs the daily update and scan.

Abuse Alert from Burst.net – HTML/PicFrame.Gen
https://www.yinfor.com/2012/10/abuse_alert_from_burstnet_-_ht.html
Thu, 25 Oct 2012 14:19:47 +0000
It is the first time I have received an abuse alert from Burst.net, the VPS service provider.
They said there was some malicious content on my VPS. Their backbone provider found it and reported it to them, and Burst asked me to respond within 24 hours.

(screenshot: abuse-alert-1)

I clicked the link they provided. It is a picture, just an image file with a .jpg extension. I can open it in the browser, but I wanted to investigate further.
So I downloaded it and opened it with Notepad++, a free open source text editor. The harmful content at the end of the file is shown below:

(screenshot: jpg-with-iframe-code)

Now it is clear: a user of the website uploaded the picture file. He may not have known it had a problem; he may have got it from another site.
I opened the jpg file with Photoshop and saved it as a new file, then uploaded it to overwrite the old file on the web server.
After that, I clicked the rescan button on the http://www.c-sirt.org site. Later the result was green; the incident was solved.
The second part of the Burst.net email said I had to respond within 24 hours, so I replied to abuse@burst.net and told them what I did.
The URL in the email pointed to just one jpg file, but I thought more than one might have the same issue. So I downloaded all jpg files from the upimg folder, which stores all image files uploaded by site users.
Notepad++ has a function called Find in Files. I searched for “iframe” in all files under this folder, including sub-folders.
(screenshot: find-in-files)

The result: I found 4 more jpg files with the same iframe code.
The solution is the same: download it, open it in Photoshop, save as a new file, upload and overwrite. Done.
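As an added example (not part of the original post), here is a small Python scanner that automates the check done by hand above with Notepad++: it walks an upload folder and, for every .jpg, reports whether anything follows the JPEG end-of-image marker and whether that trailing data carries an HTML tag such as iframe. It also shows the clean-up the author got by re-saving in Photoshop, i.e. cutting the file at the end-of-image marker. The sample JPEG bytes and the example.invalid URL are constructed here.

```python
import re
from pathlib import Path

# Tags an injected HTML payload typically contains (case-insensitive match on raw bytes).
SUSPICIOUS = re.compile(rb"<\s*(iframe|script|object|embed)\b", re.IGNORECASE)
SOI = b"\xff\xd8"  # JPEG Start Of Image marker
EOI = b"\xff\xd9"  # JPEG End Of Image marker

def trailing_data(jpeg: bytes) -> bytes:
    """Return whatever follows the last EOI marker (empty for a well-formed file).
    The last EOI is used because an EXIF thumbnail embedded in the header carries
    its own EOI; appended HTML is ASCII and cannot contain the 0xFF 0xD9 pair."""
    if not jpeg.startswith(SOI):
        raise ValueError("not a JPEG: missing SOI marker")
    end = jpeg.rfind(EOI)
    if end == -1:
        raise ValueError("not a JPEG: missing EOI marker")
    return jpeg[end + 2:]

def inspect_jpeg(jpeg: bytes) -> dict:
    """Classify a JPEG: how many bytes trail the image and whether they look like HTML."""
    tail = trailing_data(jpeg)
    match = SUSPICIOUS.search(tail)
    return {
        "trailing_bytes": len(tail),
        "html_after_eoi": match is not None,
        "tag": match.group(1).decode().lower() if match else None,
    }

def strip_trailing(jpeg: bytes) -> bytes:
    """Drop everything after EOI; same effect as re-saving the image in an editor."""
    return jpeg[: jpeg.rfind(EOI) + 2]

def scan_folder(root: Path) -> list:
    """Recursive equivalent of 'Find in Files': list (path, tag) for every infected JPEG."""
    hits = []
    for path in root.rglob("*"):
        if path.suffix.lower() not in (".jpg", ".jpeg"):
            continue
        try:
            info = inspect_jpeg(path.read_bytes())
        except ValueError:
            continue  # not a real JPEG; a different problem, skipped here
        if info["html_after_eoi"]:
            hits.append((str(path), info["tag"]))
    return hits

# Constructed samples: a minimal JPEG skeleton, and the same bytes with an iframe appended.
CLEAN_JPEG = SOI + b"\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 10 + EOI
INFECTED_JPEG = CLEAN_JPEG + b'<iframe src="http://example.invalid/x" width=0 height=0></iframe>'
```

Run scan_folder(Path("upimg")) against the upload directory to get the list of files to clean; strip_trailing() gives the bytes to write back.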
