Post by jroggentin » Fri Dec 05, 2014 7:34 am

Hi!
Is there any plugin or mod that can detect harmful code? Like the WordPress plugin Wordfence? What is the best practice when your site has been hacked?

Thanks Jocke


Post by Dhaupin » Wed Dec 10, 2014 1:36 am

Here is a roadmap:

Hit /var/log/messages and look for any suspicious FTP or sudo activity. Do the same for /var/log/secure to make sure no one is mucking in SSH. Download and crawl the file structure and see if anything seems out of place... you can sort by date modified to see new stuff.

OWASP has a couple app scanner recommendations: https://www.owasp.org/index.php/Categor ... ning_Tools

If it's clean, install Apache mod_security using the OWASP ruleset (this would block many future/current attempts).

Then you can run an OS-level vuln test too with a popular tool such as http://www.openvas.org/

If it's clean, install APF with BFD to prevent future brutes. Then install a cage or jail for the file system to prevent cross-account/permission activity.

Finally, a PCI scan would be similar to an OS scan, except it gets a bit broader, with a focus on ecom: https://www.qualys.com/enterprises/qual ... ompliance/

https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.
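
The first roadmap step above (pull FTP, SSH and sudo activity out of the logs, then list files by modification date), as an added example that is not part of the original post. The function names are hypothetical and the log lines are constructed samples in the usual syslog layout.

```shell
#!/bin/sh
# Added example (not from the post). Function names are hypothetical.

# Files under DIR changed in the last DAYS days, newest first.
recent_files() {
    find "$1" -type f -mtime "-$2" -exec ls -lt {} +
}

# FTP, SSH and sudo lines from a syslog-style file.
auth_activity() {
    grep -E '(sshd|sudo|ftpd)(\[[0-9]+\])?:' "$1"
}

# Failed SSH password attempts per source address, busiest first.
failed_ssh_by_ip() {
    grep 'sshd.*Failed password' "$1" |
        sed -E 's/.* from ([^ ]+) port .*/\1/' |
        sort | uniq -c | sort -rn
}

# Constructed sample lines (not real data).
sample_log() {
    cat <<'EOF'
Dec  9 03:10:02 web1 pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [admin]
Dec  9 03:12:44 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51122 ssh2
Dec  9 03:12:47 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51122 ssh2
Dec  9 03:13:05 web1 sshd[2230]: Failed password for invalid user admin from 198.51.100.23 port 40022 ssh2
Dec  9 03:15:01 web1 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/bash
Dec  9 03:16:00 web1 crond[901]: (root) CMD (run-parts /etc/cron.hourly)
EOF
}

# Demo on the constructed sample. On a live host, point the functions at
# /var/log/messages, /var/log/secure and the web root instead.
log=$(mktemp)
sample_log > "$log"
echo "== FTP/SSH/sudo activity =="
auth_activity "$log"
echo "== failed SSH logins per source =="
failed_ssh_by_ip "$log"
rm -f "$log"
```

`recent_files` takes the directory and a day count, for example the downloaded copy of the site and `7`; a file changed after the last known deploy is the place to start reading.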

