ClamAV in ISP Config

Discussion in 'ISPConfig 3 Priority Support' started by illuder, Mar 5, 2022.

  1. illuder

    illuder Member

    I'm told by my host that :
    The website hosted on your network that is currently being used to host Android malware, called FluBot. Please fix this as soon as possible and get back to us. Otherwise we will suspend the server.

    so i'm looking to solve this problem, and exploring anti virus options.. 8 sites on the server has been hacked, whereby the wordpress usernames have been changed thus admin cannot login...

    any advice?
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Standard ClamAV signatures are not well suited to clean a malware-infected website, they are simply not able to detect such malware. ClamAV is used for scanning emails only on an ISPConfig system. Use software that is specially made for that purpose to clean your system, like ISPProtect: The first scan with ISPprotect is free anyway.
  3. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    For WordPress sites specifically, try wordfence, though you will have to reset your admin passwords via the database first to install it. Ispprotect will scan all types of sites though, not only WordPress.
  4. illuder

    illuder Member

    this is a message to conclude this thread.
    1- I used wordfence (free) to detect and clean the malware files
    2- after investigation, a WordPress plugin called 3columns was hijacked and caused this havoc
    3- i tried ISPprotect as suggested. unfortunately, the script somehow reset midway through the free scan and wouldn't allow to restart a new scan for free, but since i had found the problem, i opted not to scan. I must mention that they do offer a 5 scan package very reasonably priced, which i will use for future needed scans.
    4- phpmyadmin was access via global access, not via website, tx for that i know..

    Thank you to all involved in assisting.

Share This Page