Manual Malware Scan – It's now available on the Dashboard
As a server owner, have you ever had one or more of the websites you host reported as a phishing website? Another common issue is getting blacklisted on different lists, or receiving abuse reports informing you that your servers are attacking other nodes.
It may not be news to you, but the source of the outgoing attacks is an infection. A lot of hosting providers are frightened when they hear the word "malware," and they have reason to be afraid.
Malware is in the spotlight
ELK Cloner was the very first malware (previously known as a computer virus) in 1982. Since then, 37 years have passed, and the cyber terrorists have already realized how much profit they can earn by infecting servers and stealing data. Hackers are developing new techniques daily to trick security vendors.
Every business and individual is targeted by such threats, even though none of us wants to suffer the consequences. So, it is important for us to stay up-to-date with the new malware types and implement a powerful solution against infections.
Of course, there are several kinds of cyber attacks too, but in this article, I’ll put the focus on our Malware Detection and Malware Scanner modules, which will be your armor in this war.
Difference between Malware Detection and Malware Scanner module
BitNinja believes in the proactive protection system, as it is better to avoid the problem itself instead of solving the problem after it has happened. Getting infected by malware is only the third step of the botnet expansion lifecycle. We don’t want to allow hackers to reach that step. We are focusing on stopping the attacks on the very first step with several kinds of modules (Port Honeypots, DoS Detection, IP Reputation, WAF, etc…).
But, as we mentioned above, there are always new, tricky techniques, so to provide full-stack protection, we can't leave our ninja friends without a Malware Detection and Malware Scanner module. Let's see what the difference between them is:
(Real-time) Malware Detection: After installing BitNinja on your servers, this module will check the file changes with inotify tools, so it'll catch the infected files in real-time (and quarantine them) if attackers manage to break through the defense line. In other words, Malware Detection finds malware that was uploaded after BitNinja was installed on the server.
(Scheduled/Manual) Malware Scanner: It usually happens that the server was already infected by malware when the BitNinja agent was installed. The Malware Scanner will check all your files to find previous infections.
The importance of the manual malware scan
While we put a lot of focus on Malware Detection in connection with the recently released Defense Robot module, we haven't forgotten about the importance of the manual malware scan either.
Cleaning your files is vital, so besides using the real-time Malware Detection module, we recommend running a manual malware scan to find those files which were infected before your servers were protected (when BitNinja wasn't running on them).
Important! As there can be a vast number of files on your servers, the Malware Scanner requires resources to examine them all. You might experience a temporary load increase during the scan, so we recommend running it when your users are not so active on your servers.
From now on, you can easily start the manual malware scan from the Malware Scanner menu, which has been placed in the sidebar menu. Let’s look closely at what you can do there:
At the top of the menu, you can choose the server on which you would like to start the scan (1). In this menu, you can enable the real-time Malware Detection module too (2), but it isn't necessary to start the manual scan.
You can also set up scheduled malware scans or allow the Malware Scanner to run every time the malware signature set is updated (3).
Of course, you can check the result of the last scans (4) as well or start a new manual scan on a custom path (5). Want to check out the detected and quarantined infected files? Visit the Infected Files menu (or check the /var/lib/bitninja/quarantine folder on your server).
In the help section, you can find useful links if you need assistance (6), but as you know, we are always here to help you, just ping us at info@bitninja.io
Adding new signatures
Expanding our malware signature set is essential to keep up with the hackers. We have great news for you!
Now, you have the chance to add custom malware signatures to your servers in CLI:
<code>[--add-file-to-signature-set=/path/to/malware][--comment="Your comment about why is the file a malware"]
Add a file to your local Malware Detection's md5 signature set.
Comment will be part of the malware's name. E.g.: {MD5}User added .
Default comment is the path to the file added to the signature set.</code>
This new CLI option is only the beginning. The project will continue, and we'll be working on improving the possibilities of adding new signatures, not only for one server in the CLI but for all of your servers running under your BitNinja account.
Don't worry, this won't all be your job. Our tech ninjas will add new malware signatures to our database for the next part of the Malware Detection improvements. Stay tuned!
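To show what a local md5 signature set does and where it stops helping, here is an added Python example (not BitNinja's code; the function names and the sample files are constructed for illustration). It records a known-bad file with a comment that defaults to its path, scans a directory tree for exact matches, and shows that a copy differing by one byte is not matched, which is why hash signatures complement rather than replace the other detection layers.

```python
import hashlib
import os
import tempfile

def md5_of(path, chunk=1 << 16):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def add_to_signature_set(signatures, path, comment=None):
    """Record a known-bad file; the comment defaults to the file's path."""
    signatures[md5_of(path)] = comment or path

def scan(root, signatures):
    """Walk root and return {path: comment} for files whose MD5 is in the set."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # do not follow links out of the scanned tree
            try:
                label = signatures.get(md5_of(path))
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if label is not None:
                hits[path] = label
    return hits

def demo():
    """Constructed sample tree: one exact copy and one one-byte variant."""
    sample = b"<?php /* constructed stand-in for a known-bad file */ ?>"
    with tempfile.TemporaryDirectory() as root:
        files = {"known.php": sample, "copy.php": sample,
                 "variant.php": sample + b" ", "index.php": b"<?php echo 1; ?>"}
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        signatures = {}
        add_to_signature_set(signatures, os.path.join(root, "known.php"),
                             comment="reported by abuse desk")
        return sorted(os.path.basename(p) for p in scan(root, signatures))

if __name__ == "__main__":
    print(demo())  # the one-byte variant is not matched
```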
Avoid malware infections with BitNinja!
Remove the malware on your servers now! BitNinja Pro offers you an all-in-one protection system, which eliminates the hackers and bots in every phase of the attack cycle. Say goodbye to malware and the other types of attacks!
Proactive server protection from a centralized, easy-to-use console. Secure your web servers and customers’ websites against all kinds of cyber threats with our multi-layered security tool