How Can I Prevent Malicious Code Injection?

Linode Staff

I continuously get websites on my Linode affected by malicious code in JavaScript files. Usually files are replaced.
I cannot find a way to stop this activity. I already rebuilt my Linode, updated everything, etc.
ClamAV doesn't alert me on these changes.

In addition to this, some time after I boot the Linode I get some strange processes running my CPU at 100%. I stop them and after some hours/days they come back. I can't find the source executable of this.

Can you help me in some way? How can I monitor what is happening?

2 Replies

Hey there,

I'm sorry to hear you are encountering this issue. My first recommendation for general security practice is to take a look at the following guides:

  • Securing Your Server
  • Linux Security Basics
  • Control Network Traffic With IPtables
  • Using Fail2Ban for Security

That being said, those likely won't help if malicious code is being injected via JavaScript files. While I can't be certain exactly how you have configured your system, I would recommend taking a look at this StackOverflow answer to see if that helps point you in the right direction. This article also discusses how these sorts of injections work, and this article from Carnegie Mellon might also provide some solutions for you.

I hope this helps!

Thank you, scrane. Just to update you, I followed these steps:

  • enabled Apache ModSecurity
  • restricted SSH access to public key login only
  • set up rules to block all incoming traffic with the UFW firewall, enabling just HTTP and SSH (on a different port)

Now CPU load is averaging 5% and network/IO traffic is low. Websites are now clean.

I will keep monitoring the status.
