Unidentifiable "malware" supposedly on our linode web svr
Got a complaint from Linode that doesn't provide any way to solve. Supposedly someone flagged "malware" whatever that may mean on our web server. How can I determine specifically what it means. We don't publish any such thing intentionally, but it's conceivable a user of a guest site said/did something naughty. Linode provided a time graph corresponding to today. Also a supposed URL that does not resolve from our server in any of several browsers. I suspect some sort of spoof. So how can I find out the details?
1 Reply
watrick
Linode Staff
When we open ToS tickets, there is a link for further details. I would start with the information provided there. There are some cases where the original report may contain information not passed along that we can provide if requested. These occurrences are rare and caused by how the reporter submitted the abuse report. You can ask if there's more information through the ticket that was opened, though I cannot guarantee that there will be more information that we can pass along.
Because Linode doesn't have access to the internals of your Linode, our Support team cannot directly assist you in resolving this for you. Accessing your Linode would be outside our scope of our support. What we can do is point you in a direction to help you resolve this on your own.
I would start by running a ClamAV Scan for Vulnerabilities on your Linode. This scan will check your Linode's files against a database of known malicious files. It's more programatic than trying to review the entire filesystem by yourself. Other scanning software I'd recommend are: