PHP applications are usually developed on a Windows workstation with XAMPP or WAMP and then hosted on a Linux server running LAMP or XAMPP, but from a security standpoint it makes little difference whether the host is Windows or Linux. A malware program can be potent enough to tempt the administrator into running a command on Linux that lets the program carry out its own installation with administrative (root) rights.
Modern malware is built with enough care that it gives no hint of how it is going after the important data. It keeps a decoy in front of the administrator, which the administrator dutifully cleans up and removes, while behind that curtain it injects its code and monitors the important ports.
The question, then, is how to fight these issues once the server has been infected.
My advice is to first unplug the server from every internet connection, and then work through the following steps.
If all your files have been injected to call one particular file, then the first thing to do is to take a backup of that file:
- Block all the ports at the firewall.
- Identify the injected code with the grep command or a similar tool.
- Restore the infected modules from a backup that has no infection, replacing them only if the version and OS type match. Do not forget to take a fresh backup before each command you run as the "root" user.
- Your client's server is now running again.
- Open only those ports that clients actually need to view their data.
- Note the modification date of the infected module on the web server,
- then go through the logs to see which commands were issued by the "root" user during that period.
- Edit that global file (the one every injected file calls) and delete its entire content,
- save it and, as the "root" user, change its permissions with chmod,
- so that the file is write-protected.
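The shell script below is an added example, not code from the original post. It carries out the grep, modified-date, root-command and back-up/empty/write-protect steps above against a constructed sample webroot. The webroot layout, the injected include line, the payload path under .x/ and the auth.log excerpt are all assumptions built for the demo; the log uses ISO 8601 timestamps so the time-window check is a plain string comparison. Blocking and reopening ports is left to the firewall.

```shell
#!/bin/sh
# Added example, not code from the original post: triage helpers for a PHP
# webroot whose pages have all been injected with a call to one payload file.
# The webroot, the injected include line, the ".x/evil.php" payload path and
# the auth.log excerpt are constructed for this demo (assumptions, not data
# from a real incident).

# Build a small constructed webroot: two injected pages, two clean ones, and
# the payload they call. Clean files get an old mtime so there is a baseline
# to compare modification dates against.
make_sample_webroot() {   # $1=webroot
  root="$1"
  payload="$root/.x/evil.php"
  mkdir -p "$root/inc" "$root/.x"
  printf '<?php /* constructed stand-in for the attacker payload */ ?>\n' > "$payload"
  printf '<?php echo "home"; ?>\n' > "$root/index.php"
  printf '<?php include("%s"); ?>\n<?php echo "about"; ?>\n' "$payload" > "$root/about.php"
  printf '<?php include("%s"); ?>\n<?php echo "contact"; ?>\n' "$payload" > "$root/contact.php"
  printf '<?php function helper() {} ?>\n' > "$root/inc/helper.php"
  touch -t 202001010000 "$root/index.php" "$root/inc/helper.php"
}

# Step "identify the injection with grep": list every .php file that contains
# the injected call to the payload. -F searches a fixed string, so the dots
# and parentheses in the path are not treated as a regular expression.
find_injected() {   # $1=webroot $2=payload path
  find "$1" -name '*.php' -exec grep -lF -- "include(\"$2\")" {} + | sort
}

count_injected() { find_injected "$1" "$2" | wc -l | tr -d ' '; }

# Step "note the modification date": .php files changed after a known-clean
# reference file (one from the last good backup, or an untouched page).
modified_since() {   # $1=webroot $2=reference file
  find "$1" -name '*.php' -newer "$2" | sort
}

count_modified_since() { modified_since "$1" "$2" | wc -l | tr -d ' '; }

# Constructed auth.log excerpt. sudo logs each command it runs as root; the
# timestamps are written in ISO 8601 here (an assumption) so a time window
# can be checked with a plain string comparison.
SAMPLE_AUTH_LOG='2024-03-14T02:11:03 web1 sudo: admin : TTY=pts/0 ; PWD=/home/admin ; USER=root ; COMMAND=/usr/bin/apt-get update
2024-03-14T03:40:17 web1 sudo: admin : TTY=pts/0 ; PWD=/home/admin ; USER=root ; COMMAND=/bin/sh /tmp/.x/setup.sh
2024-03-14T03:41:02 web1 sudo: admin : TTY=pts/0 ; PWD=/home/admin ; USER=root ; COMMAND=/bin/chmod 755 /var/www/html/.x/evil.php
2024-03-15T09:00:00 web1 sudo: admin : TTY=pts/0 ; PWD=/home/admin ; USER=root ; COMMAND=/usr/bin/vi /etc/apache2/apache2.conf'

# Step "which commands did root issue during that period": log on stdin,
# window given as [start, end] ISO timestamps; prints only the COMMAND= part.
root_commands_between() {   # $1=start $2=end
  awk -v s="$1" -v e="$2" \
    '$1 >= s && $1 <= e && /USER=root/ { sub(/.*COMMAND=/, ""); print }'
}

# Steps "back up, empty, write-protect the global file": keep a timestamped
# evidence copy, truncate the payload so every injected include now pulls in
# nothing, then make it read-only.
neutralize_payload() {   # $1=payload file $2=evidence directory
  mkdir -p "$2"
  cp -p "$1" "$2/$(basename "$1").$(date +%Y%m%d%H%M%S)"
  : > "$1"
  chmod 0444 "$1"
}

perm_string() { ls -ld "$1" | cut -c1-10; }   # e.g. -r--r--r--

demo() {
  root=$(mktemp -d)
  make_sample_webroot "$root"
  echo "injected pages:"; find_injected "$root" "$root/.x/evil.php"
  echo "modified after index.php:"; modified_since "$root" "$root/index.php"
  echo "root commands in the window:"
  printf '%s\n' "$SAMPLE_AUTH_LOG" | root_commands_between 2024-03-14T03:00:00 2024-03-14T04:00:00
  neutralize_payload "$root/.x/evil.php" "$root/evidence"
  echo "payload now: $(perm_string "$root/.x/evil.php"), $(wc -c < "$root/.x/evil.php") bytes"
}

demo
```

The script only touches the temporary directory it creates, so it can be run as an ordinary user. Two caveats for the real server: the modified-date check only narrows the window if the reference file really is untouched, so take it from the last clean backup rather than from the live tree; and chmod 0444 stops the web server's account from rewriting the emptied file but not a process already running as root, so on Linux chattr +i is the stronger lock once the evidence copy has been taken.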