How Can I Prevent Malicious Code Injection?
I continuously get websites on my Linode affected by malicious code in JavaScript files. Usually files are replaced.
I cannot find a way to stop this activity. I already rebuilt my Linode, updated everything, etc.
ClamAV doesn't alert me on these changes.
In addition to this, some time after I boot the Linode, I get some strange processes running my CPU at 100%. I stop them, and after some hours/days they come back. I can't find the source executable of this.
Can you help me in some way? How can I monitor what is happening?
2 Replies
Hey there,
I'm sorry to hear you are encountering this issue. My first recommendation for general security practice is to take a look at the following guides:
- Securing Your Server
- Linux Security Basics
- Control Network Traffic With IPtables
- Using Fail2Ban for Security
That being said, those likely won't help if malicious code is being injected via JavaScript files. While I can't be certain exactly how you have configured your system, I would recommend taking a look at this StackOverflow answer to see if that helps point you in the right direction. This article also discusses how these sorts of injections work, and this article from Carnegie Mellon might also provide some solutions for you.
I hope this helps!
Thank you, scrane. Just to update you, I followed these steps:
- enabled apache mod security
- restricted ssh access to public key login only
- set up rules to block all incoming traffic with UFW firewall, enabling just http and ssh (on different port)
Now CPU load is averaging 5% and network/IO traffic is low. Websites are now clean.
I will keep monitoring the status.
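
For the monitoring question in the original post (JavaScript files being replaced without ClamAV alerting), one option is hash-based file integrity checking of the web root. This is an added example, not code from any poster in this thread; the function names `snapshot`, `compare` and `demo`, and the sample web root and file contents, are constructed for illustration.

```python
import hashlib
import json
import os
import tempfile


def snapshot(root, suffixes=(".js",)):
    """Return {relative_path: sha256_hex} for every matching file under root."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(suffixes):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                digests[os.path.relpath(path, root)] = digest
    return digests


def compare(baseline, current):
    """Classify paths as modified, added or removed relative to the baseline."""
    return {
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
    }


def demo():
    """Constructed web root: take a baseline, replace one file, add another."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "site", "js"))
        app = os.path.join(root, "site", "js", "app.js")
        with open(app, "w") as fh:
            fh.write("console.log('original');\n")
        # In real use, store the baseline off the web server (or read-only):
        # whoever can rewrite the .js files could rewrite the baseline too.
        baseline = json.loads(json.dumps(snapshot(root)))  # as if saved/loaded
        with open(app, "w") as fh:
            fh.write("console.log('original');\n/* constructed injected line */\n")
        with open(os.path.join(root, "site", "new.js"), "w") as fh:
            fh.write("// constructed unexpected file\n")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run on a schedule against a baseline taken from a known-clean deployment, the modification times of any reported files give a window to search in the web server and SSH logs.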