Ive done both restart from SSH and restart the whole server but no changerestart ftpd from ssh.. restarting with whm is passing upload script feature
Ive done both restart from SSH and restart the whole server but no changerestart ftpd from ssh.. restarting with whm is passing upload script feature
I've sent you a pm..Ive done both restart from SSH and restart the whole server but no change
I think this is not this script do.Hi
Now I have question I think it would benefit all and would get this script step further.
How could I manually start this script to scan folder or folders for particular usre? It would come handy if we would have script witch could be start manualy or as cron job and would scan folders witch we set. Basiclly something like antivirus but with option to input own search string as this script offer.
Subject: Gumblar Attack !!! user : home
Warning !!!
03.10.2009 11:12:43 Saturday
There is a GUMBLAR ATTACK on account home
Infected file : /usr/home/james/iframetest/test4.html
Infection : (pattern removed) at line 1
Action : File moved to : /quarantine/clamav//test4.html.20091003111243
Password might be changed to : xxxxxxxxxxx
Ret : Array
hmmm...The script works under FreeBSD, good job.
One problem for us, its not picking up the username correctly and thus not changing the account password of compromised accounts.
I see the following:
Code:Subject: Gumblar Attack !!! user : home Warning !!! 03.10.2009 11:12:43 Saturday There is a GUMBLAR ATTACK on account home Infected file : /usr/home/james/iframetest/test4.html Infection : (pattern removed) at line 1 Action : File moved to : /quarantine/clamav//test4.html.20091003111243 Password might be changed to : xxxxxxxxxxx Ret : Array
Usually it will be /usr/home/usernamehmmm...
please send me right user path.. example : /home/username/ in linux
I'm going to add freebsd support![]()
Yes I will add a config option about platform...Usually it will be /usr/home/username
On this particular system it is something different entirely. Maybe a config option could be added to specify it?
Quarantine files not overwrited... But your ide is good, i will do it..Also, a neat feature would be to create a directory named after the username in the quarantine directory. As if more than one account becomes compromised and uploads done at the same time we could have the same files being quarantined, overwriting each other.
/quarantine/username/infectedfiles
Not yet... But I'm planning to add proftpd support. But I guess proftpd has not similar function to check files after or while upload...Could you provide manual for installing it on PROFTPd?
Thank you
Hello,check it out : anti-gumblar.oxio.net
Thread starter | Similar threads | Forum | Replies | Date |
---|---|---|---|---|
M | ClamAV fails to start on CloudLinux 6 after updating to 100.0.8 solution | Security | 2 | |
![]() |
A problem I do not know have a solution | Security | 3 | |
J | Symlink Solution for OpenVZ / Virtuozzo | Security | 2 | |
![]() |
Solutions for handling ddos attacks? | Security | 3 | |
T | Hacking threat - and my idea for solution: | Security | 3 |