As a server owner, have you ever had an experience where one or more of the websites hosted by you were reported as a phishing website? Another common issue to get blacklisted on different lists or getting abuse reports which inform you that your servers are attacking other nodes.
Perhaps this fact that we’re telling you isn’t new, which is the source of the outgoing attacks is an infection. A lot of hosting providers are frightened when they hear the word „malware,” and they have the reason for getting afraid.
ELK Cloner was the very first malware (previously known as a computer virus) in 1982. Since then, 37 years have passed, and the cyber terrorists have already realized how much profit they can earn by infecting servers and stealing data. Hackers are developing new techniques daily to trick security vendors.
Every businesses and individual are targeted by such threats, even though none of us want to suffer from the consequences. So, it is important for us to stay up-to-date with the new malware types and implement a powerful solution against infections.
Of course, there are several kinds of cyber attacks too, but in this article, I’ll put the focus on our Malware Detection and Malware Scanner modules, which will be your armor in this war.
BitNinja believes in the proactive protection system, as it is better to avoid the problem itself instead of solving the problem after it has happened. Getting infected by malware is only the third step of the botnet expansion lifecycle. We don’t want to allow hackers to reach that step. We are focusing on stopping the attacks on the very first step with several kinds of modules (Port Honeypots, DoS Detection, IP Reputation, WAF, etc…).
But… as we mentioned above there are always new, tricky techniques, so to provide full-stack protection, we can’t let our ninja friends without a Malware Detection and Malware Scanner module. Let’s see what the difference between them is:
(Real-time) Malware Detection: After installing BitNinja on your servers, this module will check the file changes with inotify tools, so it’ll catch the infected files in real-time (and quarantine them) if the attackers can break through the defense line. In conclusion, it means that Malware Detection will find malware, which was uploaded after installing BitNinja on the server.
(Scheduled/Manual) Malware Scanner: It usually happens that the server was already infected by malware when the BitNinja agent was installed. The Malware Scanner will check all your files to find previous infections.
While we put a lot of focus on Malware Detection about the recently released Defense Robot module, we haven’t forgotten about the importance of the manual malware scan either.
Cleaning your files is vital, so besides using the real-time Malware Detection module, we recommend to run a manual malware scan to find those files which were infected before your servers were protected (when BitNinja wasn’t running on them).
Important! As there can be a vast number of files on your servers, the Malware Scanner requires resources to examine them all. It might happen that you’ll experience a temporary load increase during the scan, so we recommend to run it when your users are not so active on your servers.
Previously, you could start such manual scans only in CLI, but as our purpose is to offer you a platform (BitNinja Dashboard) where you can manage everything that related your server security, we made it possible to run schedule and ad-hoc malware scans on the Dashboard.
From now on, you can easily start the manual malware scan from the Malware Scanner menu, which has been placed in the sidebar menu. Let’s look closely at what you can do there:
At the top of the menu, you can choose on which server would you like to start the scan (1). In this menu, you can enable the real-time Malware Detection module too (2), but it isn’t necessary to start the manual scan.
You have the chance to set up scheduled malware scans too or allow the Malware Scanner to run every time when the malware signature set is updated. (3)
Of course, you can check the result of the last scans (4) as well or start a new manual scan on a custom path (5). Want to check out the detected and quarantined infected files? Visit the Infected Files menu (or check the /var/lib/bitninja/quarantine folder on your server).
At the help section, you can find useful links if you need assistance (6), but as you know, we are always here to help you, just ping us at info@bitninja.io
Expand our malware signature set is essential to keep up with the hackers. We have great news for you!
Now, you have the chance to add custom malware signatures to your servers in CLI:
<code>[--add-file-to-signature-set=/path/to/malware][--comment="Your comment about why is the file a malware"]
Add a file to your local Malware Detection's md5 signature set.
Comment will be part of the malware's name. E.g.: {MD5}User added .
Default comment is the path to the file added to the signature set.</code>This new CLI option is only the beginning. The project will continue, and we’ll be working on improving the possibilities of adding new signatures and not only for 1 server in CLI but for all of your servers running under your BitNinja account.
Don’t worry, this won’t be all your job. Our tech ninjas will add new malware signatures to our database for the next part of the Malware Detection improvements. Stay tuned!
Remove the malware on your servers now! BitNinja Pro offers you an all-in-one protection system, which eliminates the hackers and bots in every phase of the attack cycle. Say goodbye to malware and the other types of attacks!
