Ispconfig protect servers against CTB-Locker

Discussion in 'General' started by andresgt2000, Feb 29, 2016.

  1. andresgt2000

    andresgt2000 Member

    Hi everyone

    I want to know if, apart from backups and ModSecurity, other options exist to protect the websites from CTB-Locker, maybe disabling some PHP commands in the sites, or locking the web directory against writes so that only an SFTP session could enable write permissions, or something like that.

    I know that the infection happens through vulnerable WordPress sites, but many of our clients create the site and then forget about the security maintenance and updating the CMS.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    If you would chown all website files and folders of a website to root + mode 755, then this would protect you from the crypto locker, but it will also prevent the customer from updating his CMS, installing plugins, uploading images to his blog, etc. So I guess your customers won't like it.

    Check that the backup system is working, and send a newsletter to your customers reminding them to update their CMS.
     
  3. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    An external firewall is a layer, something with an IDS, blocking known compromised hosts and such.

    Just thinking out loud: if https://securelist.com/blog/research/73989/ctb-locker-is-back-the-web-server-edition/ is accurate, maybe you could create a bogus ./extensions.txt file, and maybe a /crypt/ directory (or Crypt, as seen in another post), and make them immutable, or root-owned, or such; it might help at the moment. But that's only until the script logic changes, of course, so quite a short-lived thing, if it does anything at all.

    This might be a terrible idea, but those come cheaply :), so: write an ispconfig interface module (http://docs.ispconfig.org/development/interface/building-an-interface-module/) with a brief message explaining to customers that their websites can be set to updatable mode or not, and a checkbox for each of their domains to do so. Set all websites to "not updatable" and make them root owned. Then run a cronjob to see if that updatable checkbox has changed status - if it has, change permissions on the website (to root or to the web user as needed). Maybe you'd need an exclusion list for each website, to not change ownership (eg. cache and other working/temp directories). Not a huge project, and would necessarily be disruptive to some sites/workflows, but would help a lot of them and give everyone a handle to turn on/off.
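The two ideas above, till's "chown to root + mode 755" lock and Jesse's toggle between a locked and an updatable state with an exclusion list for cache and upload directories, can be tried with the small shell helper below. It is an added example, not ISPConfig code and not anything from the thread: the flag-file layout, the function names, the `LOCK_OWNER` variable and the sample site tree are assumptions for illustration. The decoy function only follows what the post describes (an `extensions.txt` file and a `crypt`/`Crypt` directory pre-created and root-owned); it does not claim anything about how the locker actually behaves.

```shell
#!/bin/sh
# Added example (not ISPConfig's or the forum poster's code).
# Lock a site's docroot against writes by the web/PHP user, or hand it back
# for CMS updates, keeping an exclusion list of working directories
# (cache, uploads) that always stay writable. All names are assumptions.
set -eu

# Owner used for the "locked" state; override for testing without root.
LOCK_OWNER=${LOCK_OWNER:-root:root}

# site_paths SITE_ROOT [EXCLUDES]
# Print every path under SITE_ROOT except the excluded subtrees.
# EXCLUDES is a colon-separated list of paths relative to SITE_ROOT.
site_paths() {
    root=$1
    excludes=${2:-}
    # Build: find ROOT ( -false -o -path ROOT/ex1 -o -path ROOT/ex2 ) -prune -o -print
    set -- "$root" '(' -false
    oldifs=$IFS; IFS=:
    for ex in $excludes; do
        set -- "$@" -o -path "$root/$ex"
    done
    IFS=$oldifs
    set -- "$@" ')' -prune -o -print
    find "$@"
}

# apply_owner SITE_ROOT OWNER EXCLUDES
# chown every non-excluded path to OWNER; directories 755, files 644.
# With OWNER=root that is till's lock: the web user can read and the
# PHP interpreter can run scripts, but nothing can be created or overwritten.
apply_owner() {
    root=$1 owner=$2 excludes=$3
    site_paths "$root" "$excludes" | while IFS= read -r p; do
        chown "$owner" "$p"
        if [ -d "$p" ]; then chmod 755 "$p"; else chmod 644 "$p"; fi
    done
}

# lock_site SITE_ROOT EXCLUDES        -> root-owned except the exclusions
# unlock_site SITE_ROOT WEB_OWNER     -> everything back to the web user
lock_site()   { apply_owner "$1" "$LOCK_OWNER" "$2"; }
unlock_site() { apply_owner "$1" "$2" ""; }

# reconcile_site SITE_ROOT WEB_OWNER EXCLUDES FLAG_FILE
# Jesse's cron job: the desired state lives in a flag file (assumed layout,
# one word: "locked" or "updatable"; the interface checkbox would write it).
# Missing file defaults to locked. Prints the state that was applied.
reconcile_site() {
    root=$1 web_owner=$2 excludes=$3 flag=$4
    state=$(cat "$flag" 2>/dev/null || echo locked)
    case $state in
        updatable) unlock_site "$root" "$web_owner" ;;
        locked)    lock_site "$root" "$excludes" ;;
        *) echo "unknown state '$state' in $flag" >&2; return 1 ;;
    esac
    echo "$state"
}

# plant_decoys SITE_ROOT
# Pre-create the names the post mentions as root-owned, read-only objects
# so a script running as the web user cannot create them itself.
plant_decoys() {
    root=$1
    [ -e "$root/extensions.txt" ] || : > "$root/extensions.txt"
    chown "$LOCK_OWNER" "$root/extensions.txt"; chmod 444 "$root/extensions.txt"
    for d in "$root/crypt" "$root/Crypt"; do
        [ -e "$d" ] || mkdir "$d"
        chown "$LOCK_OWNER" "$d"; chmod 555 "$d"
    done
}
```

A cron entry would call `reconcile_site /var/www/clients/client1/web1/web web1:client1 "wp-content/cache:wp-content/uploads" /etc/site-locks/web1` for each site (paths assumed). Two caveats a practitioner would want: the `read` loop breaks on file names containing newlines, so on GNU systems prefer `find -print0 | xargs -0`; and the excluded directories remain writable by the PHP process, so they are exactly where such a script would still be able to write, which is why PHP execution is normally denied inside cache and upload directories. Making the decoys immutable with `chattr +i`, as the post suggests, is an extra step that needs root and an ext*/xfs filesystem.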
     
