1

We're offering a shared web hosting service, where many websites live on the same server.

Since a lot of people don't update their stuff, they get pirated all the time. Now, the websites are compartmentalized, so a pirated site doesn't spread to another one. But still, it is annoying: pirated sites sometimes attack sites elsewhere, or send spam, and then our whole server get banned.

I saw that Wordpress has plugins which scan a website and detect potentially fraudulent code. Is there something (ideally open source) that scan PHP and JS files in general?

I noticed that websites get hacked months before the hack is "activated", probably to make sure that all backups are also infected. It would be nice to detect the hack before it starts attacking.

Improve this question
1
  • Why not scan for the thousands of vulnerabilities that threat actors exploit to hijack a host? There are plenty of those available.
    – Greg Askew
    yesterday

1 Answer 1

Reset to default
2

Signature-based antivirus has been poor detecting malware in web sites including web shells that are typically planted on compromised sites. If you send one as a sample to VirusTotal it is likely that there are no detections at all.

For PHP, detecting obfuscation techniques would help finding malicious code on a site as those aren't used for legitimate code. JavaScript could be a bit worse, because "optimized" JavaScript might look like obfuscated.

One extra measurement could be limiting the connections a web server can make to the Internet and only accept what is known to be required. That would prevent the sites from attacking other servers as well as sending spam.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .