My server is attacking other servers

SYSTEM INFORMATION
OS type and version
Webmin version 1.990
Virtualmin version 6.17-3
Related packages SUGGESTED

Hi everyone,
I am running a VPS.
The hosting provider sent a message mentioning that my VPS is attacking other VPSs.
I found high memory usage.
I am working with WordPress sites. I am not an expert; I keep updating the server with the update messages and packages that come in.
Now they have suspended my VPS and are asking me to rebuild it, which I don't want.
Please help.

Hey, I just googled "how to scan a Linux server for malware" and got this 2021 link:

And, in case that link fails, here's the list:

1. Lynis

sudo apt-get install -y lynis

2. chkrootkit

sudo apt update
sudo apt install chkrootkit

3. rkhunter

sudo apt-get install rkhunter -y

4. ClamAV

sudo apt-get install clamav clamav-daemon -y

5. Linux Malware Detect

sudo apt-get -y install git
git clone https://github.com/rfxn/linux-malware-detect.git
cd linux-malware-detect/
sudo ./install.sh

6. Radare2

sudo apt-get install git
git clone https://github.com/radareorg/radare2
cd radare2 ; sys/install.sh

7. OpenVAS

8. REMnux

9. Tiger

sudo apt-get update
sudo apt-get install tiger

10. Maltrail

sudo apt-get update && sudo apt-get upgrade
sudo apt-get install git python-pcapy python-setuptools
# Then, clone the official Maltrail Git repository:
git clone https://github.com/stamparm/maltrail.git
# Change into the cloned directory and run the sensor (root is needed to capture packets):
cd maltrail
sudo python sensor.py
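The tools above look for known malware signatures; before installing any of them, a few commands that need nothing beyond a stock Linux install will usually point at the offending site. The script below is an added example, not from this thread or from the Virtualmin project. It assumes Virtualmin's default layout (one domain per /home/<domain>/public_html, overridable through WEBROOT_GLOB); the grep patterns and the /proc check are indicators, not proof, so review every hit by hand. Run it as root with the argument `run`; without that argument it only defines the functions.

```bash
#!/bin/bash
# Added example, not part of the original thread: first-pass triage of a
# Virtualmin host that the provider says is attacking other machines.
# Assumption: Virtualmin's default layout, one domain per /home/<domain>/public_html
# (set WEBROOT_GLOB if your layout differs).
set -u

WEBROOT_GLOB=${WEBROOT_GLOB:-/home/*/public_html}

# List PHP files under DIR that contain common webshell / dropper indicators:
# obfuscated eval chains, and shell commands fed straight from request input.
scan_webroot() {
    local dir=$1
    grep -rlE --include='*.php' \
        -e 'eval[[:space:]]*\([[:space:]]*(base64_decode|gzinflate|gzuncompress|str_rot13)[[:space:]]*\(' \
        -e '(system|passthru|shell_exec|exec|popen|proc_open)[[:space:]]*\([[:space:]]*\$_(GET|POST|REQUEST|COOKIE)' \
        "$dir" 2>/dev/null || true
}

# PHP files inside wp-content/uploads: WordPress never puts code there, so
# anything found is a dropped file until proven otherwise.
php_in_uploads() {
    local dir=$1
    find "$dir/wp-content/uploads" -type f -name '*.php' 2>/dev/null || true
}

# PHP files modified in the last DAYS days (default 7): a compromise usually
# leaves recently written files even when their content looks unfamiliar.
recently_changed_php() {
    local dir=$1 days=${2:-7}
    find "$dir" -type f -name '*.php' -mtime "-$days" 2>/dev/null || true
}

# Processes whose binary lives in a scratch directory or has been unlinked,
# a typical sign of a dropped attack tool.
suspicious_processes() {
    ls -l /proc/[0-9]*/exe 2>/dev/null \
        | grep -E -- '-> (/tmp|/var/tmp|/dev/shm)/|\(deleted\)$' || true
}

main() {
    local root
    echo "== established connections and the processes holding them (run as root) =="
    ss -tnp state established 2>/dev/null || true
    echo "== processes running from scratch dirs or deleted binaries =="
    suspicious_processes
    for root in $WEBROOT_GLOB; do
        [ -d "$root" ] || continue
        echo "== $root =="
        scan_webroot "$root" | sed 's/^/indicator: /'
        php_in_uploads "$root" | sed 's/^/php-in-uploads: /'
        recently_changed_php "$root" 7 | sed 's/^/changed-last-7d: /'
    done
}

# Only touch the live system when explicitly asked:  bash triage.sh run
if [ "${1:-}" = run ]; then main; fi
```

The file list is the part to act on: anything reported under `indicator:` or `php-in-uploads:` should be copied off for inspection before it is removed, and the connection list shows which process (and therefore which Unix user, i.e. which Virtualmin domain) is talking to the outside.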

And, if you do re-install… here’s a script I wrote to generate long passwords:

#!/usr/bin/perl --
use strict; use warnings;
print generatePassword(64) . "\n";
exit;

# Return a random index in [0, $n) drawn from /dev/urandom. Perl's rand()
# is not a cryptographic generator, so it is not used for password material.
sub randomIndex {
    my $n = shift;
    open(my $fh, '<:raw', '/dev/urandom') or die "cannot open /dev/urandom: $!";
    my $bytes = '';
    read($fh, $bytes, 4) == 4 or die "short read from /dev/urandom";
    close($fh);
    # 32-bit value reduced modulo $n; the modulo bias is negligible for $n < 100.
    return unpack('L', $bytes) % $n;
}

sub generatePassword {
    my $length = shift;
    my $password = '';
    # Ambiguous characters (l, o, I, O, 0, 1) are deliberately left out.
    my $alpha = 'abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ';
    my $nums = '23456789';
    my $specials = '!#$%&()*+,-./:;<=>?@[\]^_{|}~';
    my $possible = $alpha . $nums . $specials;
    # First character is always a letter; the rest come from the full set.
    $password = substr($alpha, randomIndex(length($alpha)), 1);
    while (length($password) < $length) {
        $password .= substr($possible, randomIndex(length($possible)), 1);
    }
    return $password;
}

You have done the right thing @elhassan by keeping your server updated in a timely manner and have therefore kept it secure; the malware is likely limited to one or more virtual servers. It is therefore safe to assume that your VPS can be salvaged easily without your needing to rebuild it from scratch.

If your VPS has been suspended, then the first thing to do is determine what ways are available to you to access your files.

  1. Does your VPS host offer access to your files via the control panel?

  2. Can you create a new VPS and mount the image of the suspended VPS onto it, so that your files may be accessed?

Once the files on the suspended VPS can be accessed, you could do as @jimdunn suggests, or you could try this short-cut:

  1. Restore your old VPS to a new VPS.
  2. Disable all virtual servers / WordPress websites on the new VPS via Virtualmin → Disable and Delete → Disable Virtual Server.
  3. Enable the virtual servers / WordPress websites on the new VPS one by one while watching closely the processes used and the traffic generated, so that if an enabled virtual server / WordPress site turns out to have malware, you can immediately disable / delete it.

In this way, you could bring back online those virtual servers / WordPress websites that do not have malware / are not attacking other VPSs.
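Enabling sites one at a time works, but the attribution can also be done directly on the running (or restored) host, because Virtualmin runs each domain's PHP as that domain's own Unix user: whichever user owns the processes holding the outbound connections owns the offending site. The script below is an added example, not from this thread or from the Virtualmin project. The sample `ss` lines, the pid-to-user mapping and the user names in it are constructed for the demo, and `ss -p` only shows other users' processes when run as root.

```bash
#!/bin/bash
# Added example, not from the original thread: attribute outbound connections to
# the Virtualmin virtual server whose PHP is making them. Virtualmin runs each
# domain's PHP (php-fpm pool or fcgid) as that domain's own Unix user, so the
# owner of the process behind a connection identifies the domain.
set -u

# Map a pid to the Unix user running it. Kept as a separate function so it can
# be swapped out for offline use (see the demo below).
owner_of_pid() {
    ps -o user= -p "$1" 2>/dev/null | tr -d ' '
}

# Read `ss -tnp` output on stdin and print "<count> <user>" per owning user,
# busiest first. Lines without a pid (the header, or sockets whose owner is
# not visible to the caller) are skipped.
connections_by_owner() {
    local line pid user
    while IFS= read -r line; do
        pid=$(printf '%s\n' "$line" | grep -oE 'pid=[0-9]+' | head -n 1 | cut -d= -f2)
        [ -n "$pid" ] || continue
        user=$(owner_of_pid "$pid")
        printf '%s\n' "${user:-pid:$pid}"
    done | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Constructed sample of `ss -tnp state established` output for the demo:
# three SSH connections out of one domain's php-fpm, one normal inbound HTTPS,
# one inbound SSH session with no process info.
SAMPLE_SS='ESTAB 0 0 10.0.0.5:40001 203.0.113.9:22 users:(("php-fpm7.4",pid=2345,fd=12))
ESTAB 0 0 10.0.0.5:40002 203.0.113.10:22 users:(("php-fpm7.4",pid=2346,fd=12))
ESTAB 0 0 10.0.0.5:40003 203.0.113.11:22 users:(("php-fpm7.4",pid=2345,fd=13))
ESTAB 0 0 10.0.0.5:443 198.51.100.7:51000 users:(("apache2",pid=999,fd=30))
ESTAB 0 0 10.0.0.5:22 198.51.100.8:50000'

# Owner lookup for the constructed sample (pids and user names are made up).
demo_owner_of_pid() {
    case "$1" in
        2345|2346) echo shopexample ;;
        999)       echo www-data ;;
        *)         echo "" ;;
    esac
}

case "${1:-}" in
    run)  ss -tnp state established | connections_by_owner ;;
    demo) owner_of_pid() { demo_owner_of_pid "$@"; }
          printf '%s\n' "$SAMPLE_SS" | connections_by_owner ;;
esac
```

`bash attrib.sh run` prints the live counts; `bash attrib.sh demo` runs the same logic over the constructed sample, where the domain user `shopexample` comes out on top with 3 connections. Once the user is known, `virtualmin list-domains --user shopexample` names the domain, and `virtualmin disable-domain --domain <name>` is the command-line form of the Disable Virtual Server step above. Repeat the count a few times a minute apart: a site that is attacking others shows a steady stream of new outbound connections to ports like 22, 25 or 80/443 on unrelated addresses, not the handful of short-lived inbound web requests a normal site has.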

You also need to know the plugins you use, and their configurations / settings.
Then, with that information, you should go to the application / plugin sites and take care to stay informed about security bugs (sometimes they have a newsletter...).

When there is a security issue, most of the time the updates come later than the bugs become known.

Also take care to stay informed about CVEs for those products; then you can decide not to use that part if there is a security bug but no update yet (sometimes they give a timely workaround or a fast fix there).

All this doesn't help you now, but for the future. :wink:

By CVE I mean, for example, this one:

Hello friends,
thanks for the expert and kind replies.
The problem, as addressed by the hosting company, came from one of the configured servers.
They directed me to:
1. remove certain files
2. ensure that themes and plugins are kept updated, and remove ones that are old, not in use, and/or no longer updated by the author
3. install the Wordfence WordPress plugin

So I will revise both the VPS and the server by contacting the theme provider, and update you.

Thanks a lot again.
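The provider's first two points (remove certain files; keep plugins and themes updated) can be turned into a repeatable check with WP-CLI: `wp core verify-checksums` and `wp plugin verify-checksums` compare the installed files against the checksums published by wordpress.org, which is how modified or injected files in core and plugins get found, and `wp plugin list --update=available` lists what is out of date. The script below is an added example, not from this thread, the hosting company or the Virtualmin project; it assumes WP-CLI is installed as `wp` and the Virtualmin default of sites in /home/<domain>/public_html owned by the domain's user. Plugins that are not hosted on wordpress.org have no published checksums and may show up as failures, so read that line as "check by hand".

```bash
#!/bin/bash
# Added example, not from the original thread: check every WordPress site on a
# Virtualmin host for modified core/plugin files and pending plugin/theme updates
# with WP-CLI. Assumes WP-CLI is installed as `wp` (override with WP=...) and
# the Virtualmin default layout of /home/<domain>/public_html owned by the
# domain's own Unix user.
set -u

WP=${WP:-wp}
WEBROOT_GLOB=${WEBROOT_GLOB:-/home/*/public_html}

# Run a command as the site owner: WP-CLI refuses to run as root, and running
# as root would leave root-owned files inside the site.
run_as() {
    local user=$1; shift
    if [ "$(id -un)" = "$user" ]; then "$@"; else sudo -u "$user" -H -- "$@"; fi
}

# Report on one site: core checksum status, plugin checksum status, and which
# plugins/themes have updates pending. Prints one "key: value" line per finding.
wp_site_report() {
    local dir=$1 user=$2
    if run_as "$user" "$WP" --path="$dir" core verify-checksums >/dev/null 2>&1; then
        echo "core: ok"
    else
        echo "core: MODIFIED"
    fi
    if run_as "$user" "$WP" --path="$dir" plugin verify-checksums --all >/dev/null 2>&1; then
        echo "plugins: ok"
    else
        echo "plugins: MODIFIED-or-unverifiable"
    fi
    run_as "$user" "$WP" --path="$dir" plugin list --update=available --field=name 2>/dev/null \
        | sed 's/^/plugin-update-available: /'
    run_as "$user" "$WP" --path="$dir" theme list --update=available --field=name 2>/dev/null \
        | sed 's/^/theme-update-available: /'
}

main() {
    local root user
    for root in $WEBROOT_GLOB; do
        [ -f "$root/wp-config.php" ] || continue
        user=$(stat -c '%U' "$root")
        echo "== $root (user $user) =="
        wp_site_report "$root" "$user"
    done
}

# Only touch the live system when explicitly asked:  bash wp-audit.sh run
if [ "${1:-}" = run ]; then main; fi
```

A `core: MODIFIED` line means `wp core verify-checksums` found files that differ from the release (it prints the file names when run by hand); those, plus any file WordPress does not ship at all, are the "certain files" to inspect and remove. Cleaning a site does not close the hole it came in through, so the update list matters as much as the checksum result.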

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.