Prevention and Detection of Botware and Malware
To prevent botware or malware, regularly apply operating system and software patches on the server; this can be done by running the server's package management updater. To block domains that are known to be distributing malware, use the following lists:
Other actions to take:
- Block IRC ports, which offers some protection against older generations of botnets.
- Change your server passwords often, including any administrative users and the root password.
- Run the chkrootkit, rkhunter, and clamav server application tools regularly.
- Update any PHP applications installed on the server as soon as new versions are released.
- Check for new users that shouldn't have live accounts on the server.
- Check for traffic spikes: a compromised server is usually being used for file transfer or for flooding traffic.
- Run the rootkit checks, chkrootkit/rkhunter.
- Run an open source virus scanner such as ClamAV.
- Check for any new PHP or other scripts that legitimate users have not uploaded.
- Check /tmp for any malicious files or activity.
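As an added example that is not part of the original page, the POSIX shell helpers below implement three of the checks above (new accounts, recently added PHP scripts, executables in /tmp) against constructed sample data; the paths, file names and the "helper" account are assumptions for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original page). Helpers for three of the checks
# listed above. All paths, names and the sample data below are constructed;
# in production point them at /etc/passwd, the web root and /tmp.

# Print login names present in $2 (current passwd) but absent from $1 (a
# baseline copy of /etc/passwd saved right after provisioning).
new_accounts() {
    t=$(mktemp -d)
    cut -d: -f1 "$1" | sort > "$t/base"
    cut -d: -f1 "$2" | sort > "$t/now"
    comm -13 "$t/base" "$t/now"
    rm -rf "$t"
}

# List PHP files under $1 modified more recently than the marker file $2
# (touched after the last legitimate deployment), so unexpected uploads stand out.
recent_php() {
    find "$1" -type f -name '*.php' -newer "$2" | sort
}

# List regular files under $1 with any execute bit set. /tmp should normally
# hold no executables, so anything listed deserves a closer look.
tmp_executables() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) | sort
}

# Constructed sample data so the helpers can be exercised offline.
work=$(mktemp -d)
printf 'root:x:0:0::/root:/bin/sh\nwww:x:33:33::/var/www:/bin/false\n' > "$work/passwd.base"
cp "$work/passwd.base" "$work/passwd.now"
printf 'helper:x:1001:1001::/home/helper:/bin/sh\n' >> "$work/passwd.now"  # assumed new account
mkdir -p "$work/www" "$work/tmp"
printf '<?php echo "ok";\n' > "$work/www/index.php"
touch -t 201901010000 "$work/www/index.php"    # legitimate file, deployed long ago
touch -t 202001010000 "$work/deploy.marker"    # last known-good deployment time
printf '<?php // unexpected upload\n' > "$work/www/x.php"  # newer than the marker
printf 'notes\n' > "$work/tmp/notes.txt"
printf '#!/bin/sh\n' > "$work/tmp/.helper"
chmod u+x "$work/tmp/.helper"

echo "New accounts:";       new_accounts "$work/passwd.base" "$work/passwd.now"
echo "Recent PHP files:";   recent_php "$work/www" "$work/deploy.marker"
echo "Executables in tmp:"; tmp_executables "$work/tmp"
```

Keep the passwd baseline and the deployment marker somewhere the web user cannot write, otherwise an intruder can simply refresh them.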