In one cPanel I encountered the malware (PHP) below. I detected and deleted it.
SMW-BLKH-SA-CLOUDAV-php.bkdr.wshll-NP723-0
I have been asked to take over website maintenance. There is a misconfiguration in the old panel.
If I migrate the websites to Virtualmin and probably configure them, will the malware infection still be a security issue, or can Virtualmin improve security?
Which security configuration is necessary?
You are welcome to install and configure a malware scanner on your system, no one is stopping you. It may even (though not confirmed) be possible to manage said software through Virtualmin now or in the future, however Virtualmin itself is a “control panel” not a malware scanner itself.
*** ClamAV is generally installed on a system for usage with email virus scanning, and technically could be used to scan files as well. However, I’m not certain how well it works as a “malware” scanner. Some anti-virus scanners (which ClamAV is) do detect malware, however the category “malware” often extends beyond “viruses”, so that might need to be taken into consideration. ***
Perhaps a new thread could be started if you or anyone else has ideas on potentially adding such a scanner to the installation, and/or integrating it with Virtualmin either as a “module” in Webmin, or during/before/after a website is created. It might be an interesting idea to consider for future development if we can get all the pieces and ideas together in some organized manner.
Why? A sysadmin should be capable of thinking outside the box and being able to apply anything the sysadmin sees fit. As every installation could be different, it could be that Virtualmin manages the initial domain configuration and the sysadmin handles whatever is needed afterwards.
I don’t have an immediate suggestion for malware protection, as typically if a site becomes infected (rarely), I just remove the site, and rebuild or reupload a backup that isn’t infected.
I do run a number of “system” security checks periodically, though no one specific tool is ever used, as different tools check different things.
One that is commonly used by many is “rkhunter”, though you do need to understand what it does, and how to make use of the results it provides.
It’s not a “run it, and suddenly your system is healed” type of thing… I’ve yet to find a tool that both detects and fixes malware issues, though some can fix “certain” issues.
For instance, Virtualmin does come with some tools to “validate virtual servers”, “fix permissions”… While this is not exactly a “malware detector or fixer”, running some of these tools “could” prevent certain malware attacks by simply making sure your system is properly configured.
Are you running WordPress by any chance? If so, install Wordfence; it scans for malware.
It can also be configured to scan outside the WordPress folders.
A little note for beginners: when you have a server infected, you shall contact the HOSTING PROVIDER; it’s their job to help you. It’s not related to Virtualmin.
Still, in case you are heavily infected by malware, the best thing is to back up manually and independently each part of your platform you want to keep. So the “public_html” all alone, then the DB all alone, and each other part you need (expecting the current malware cannot move itself and hide in it; if that’s the case you will have to find the right cure, maybe with the help of the hosting provider).
After your backup, reinstall the whole OS. And then install Virtualmin (without your backup). If the infection is still present, it’s clearly a hosting platform problem (they must fix it). If the infection only happens after you bring back each of your backups individually… Well, I repeat what I said: you will have to find the right cure for this specific “malware”.
Because no “malware detector” can stop every kind of threat. Some need a very specific treatment. Again, contact your hosting provider.
If they don’t do anything? Change provider. (I don’t say they shall completely fix it, but they should provide a minimum of assistance.)
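The advice above to back up “public_html” on its own and bring each part back individually leaves open how to check that copy before it goes onto the rebuilt server. The following is an added example, not part of any post in this thread and not Virtualmin, ClamAV or Wordfence code: a small Python triage pass over an extracted public_html copy. The extensions, directory names and patterns are assumptions chosen for illustration, and the sample tree is constructed.

```python
import os
import re
# Assumed heuristics for this example only, not a vendor signature set.
PHP_EXT = (".php", ".phtml", ".php5", ".phar")
UPLOAD_DIRS = {"uploads", "cache", "tmp", "images"}  # PHP rarely belongs here
PATTERNS = {
    "eval-of-decoded-data": re.compile(
        rb"(eval|assert)\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "command-exec-on-request-input": re.compile(
        rb"(system|shell_exec|passthru|exec|popen)\s*\([^)]*\$_(GET|POST|REQUEST|COOKIE)", re.I),
    "long-encoded-blob": re.compile(rb"[A-Za-z0-9+/=]{400,}"),
}

def triage(root):
    """Return {relative_path: [reasons]} for PHP files worth manual review."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_EXT):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            reasons = []
            if UPLOAD_DIRS & set(rel.lower().split("/")[:-1]):
                reasons.append("php-in-upload-dir")
            with open(path, "rb") as fh:
                data = fh.read(2_000_000)  # cap bytes inspected per file
            reasons += [label for label, rx in PATTERNS.items() if rx.search(data)]
            if reasons:
                findings[rel] = reasons
    return findings

def build_sample(root):
    """Write a constructed sample tree; the encoded string is the inert 'echo 1;'."""
    files = {
        "index.php": b"<?php echo 'home'; ?>",
        "wp-content/uploads/2020/logo.php": b"<?php echo 'x'; ?>",
        "inc/helper.php": b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>",
    }
    for rel, body in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    import sys
    for rel, why in sorted(triage(sys.argv[1]).items()):
        print(rel, ", ".join(why))
```

A hit means the file deserves manual review or comparison against a known-clean copy, not that it is malicious, and an empty result does not prove the backup is safe.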