Script to Scan Linux Plesk Web Server for Malware / Badware Content

Posted on November 29, 2012

If you're reading this article, chances are that you have realized that you webserver has been infected with malware or badware due to your site being blocked on Google. Web server malware (or badware) is becoming increasingly popular. Websites are becoming infected with malicious code which redirects people to phishing or malware sites. Sometimes, your site can be ‘flagged' as being infected simply from being on a shared host or subnet.

Tracking infected web code in PHP, HTML, or Javascript code can be a nightmare. Luckily, this simply linux script should simplify that process.

Note: This script is not 100%. Due to the changing encoding methods of malware, there is no way to fully detect infection without manually looking through your files. However, this script should give you a pretty good lead on possible infection points.

First Step: Change account passwords

If you feel that there has been a breach of any kind, you should immediately change your Plesk server passwords. Parallels offers a mass user reset script.

Scanning for Web Server Malware

From your command prompt, run the following command:

Check the infected files in /root/infected.txt.

If you are still having troubling finding or resolving your web infection, please contact Night Lion Security offers website virus detection and removal services.

Leave a Reply

Your email address will not be published.

Contact Us

Have a question? Send us a message. We'll get back to you soon.