ISPProtect Malware Scanner

Discussion in 'ISPConfig 3 Priority Support' started by Marcio Urakawa, Jun 10, 2020.

  1. Marcio Urakawa

    Marcio Urakawa Member HowtoForge Supporter

    I am looking to buy an ISPProtect Malware Scanner package for my server. Would you like to know about security updates, how often do they occur? I have a lot of problems with WordPress.

    What is the recommended frequency to run the scanner?
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I have run ISPProtect once a week.
    I do not know how often updates are made. It updates itself automatically so I never bothered to examine.
    If it is WordPress in particular, there is WordFence, which is a good tool.
     
    Marcio Urakawa likes this.
  3. Marcio Urakawa

    Marcio Urakawa Member HowtoForge Supporter

    About WordFence it would be great, but for the price at the moment it would be unfeasible.

    Taking the opportunity on this security issue. I haven't accessed "Show overview" yet and an alert like:
    Code:
    [INTERFACE]: PHP IDS Alert.Total impact: 22<br/> Affected tags: xss, csrf, id, sqli, lfi<br/> <br/> Variable: COOKIE.experimentation_subject_id | Value: IjliMmUzMzZjLWFiMGYtNGU2Yy1hYjMzLWEzYTE3N2M4NDk3ZCI=--e49e64f0f0f6c5dccd15178b6e1c7553b71382b0<br/> Impact: 22 | Tags: xss, csrf, id, sqli, lfi<br/> Description: Detects common comment types | Tags: xss, csrf, id | ID 35<br/> Description: Detects MySQL comments, conditions and ch(a)r injections | Tags: sqli, id, lfi | ID 40<br/> Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID 43<br/> Description: Detects basic SQL authentication bypass attempts 2/3 | Tags: sqli, id, lfi | ID 45<br/> <br/>
    Is this an ISP IDS? How can I manage?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Depends a bit on which new malware is found, we process new malware daily (on weekdays) and release signatures and whitelists when there are changes.

    Once a day.

    This is an internal IDS of ISPConfig, it protects the GUI, not the hosted sites. You can find its settings and whitelist file in /usr/local/ispconfig/security/ folder. Normally there is no need to manage it or change anything.
     
    Last edited: Jun 10, 2020
    Marcio Urakawa likes this.
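
A triage helper for alerts like the one quoted in post 3, added here as an example and not part of the thread or of ISPConfig's own code: it splits the alert into fields and decodes the flagged cookie value so you can see what the rules matched on. The function names and the payload/digest pattern are assumptions made for this example.

```python
import base64
import re

# The alert text exactly as quoted in the thread above.
ALERT = (
    "[INTERFACE]: PHP IDS Alert.Total impact: 22<br/> Affected tags: xss, csrf, id, sqli, lfi<br/> <br/> "
    "Variable: COOKIE.experimentation_subject_id | Value: "
    "IjliMmUzMzZjLWFiMGYtNGU2Yy1hYjMzLWEzYTE3N2M4NDk3ZCI="
    "--e49e64f0f0f6c5dccd15178b6e1c7553b71382b0<br/> "
    "Impact: 22 | Tags: xss, csrf, id, sqli, lfi<br/> "
    "Description: Detects common comment types | Tags: xss, csrf, id | ID 35<br/> "
    "Description: Detects MySQL comments, conditions and ch(a)r injections | Tags: sqli, id, lfi | ID 40<br/> "
    "Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID 43<br/> "
    "Description: Detects basic SQL authentication bypass attempts 2/3 | Tags: sqli, id, lfi | ID 45<br/> <br/>"
)

# Assumed shape for this example: base64 payload, "--", 40 hex characters.
SIGNED = re.compile(r"^([A-Za-z0-9+/]+={0,2})--([0-9a-f]{40})$")


def parse_alert(text):
    """Split a PHP IDS alert line into impact, variable, value and matched rules."""
    alert = {"rules": []}
    for part in (p.strip() for p in text.split("<br/>")):
        if m := re.search(r"Total impact: (\d+)", part):
            alert["total_impact"] = int(m.group(1))
        elif m := re.match(r"Variable: (\S+) \| Value: (.*)", part):
            alert["variable"], alert["value"] = m.group(1), m.group(2)
        elif m := re.match(r"Description: (.*?) \| Tags: (.*?) \| ID (\d+)", part):
            alert["rules"].append((int(m.group(3)), m.group(1), m.group(2).split(", ")))
    return alert


def inspect_value(value):
    """Decode the flagged value if it has the payload--digest shape."""
    m = SIGNED.match(value)
    if not m:
        return {"shape": "other", "payload": None}
    payload = base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
    return {"shape": "base64--hex40", "payload": payload}


if __name__ == "__main__":
    alert = parse_alert(ALERT)
    print(alert["variable"], alert["total_impact"], [r[0] for r in alert["rules"]])
    print(inspect_value(alert["value"]))
```

For the alert in this thread, the value decodes to a quoted UUID followed by `--` and a 40-character hex digest rather than an injection string.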
  5. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    The free as in zero cost version of WordFence is what I have used.
     
    Marcio Urakawa and elmacus like this.
  6. Marcio Urakawa

    Marcio Urakawa Member HowtoForge Supporter

    I confess that I am tired of problems related to the invasion of sites where I work and I hope that with ISPConfig it will solve these problems a little. I was thinking of installing a reverse proxy to increase security as well. Does anyone have an opinion on this?
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig uses a quite secure setup, this helps to take care that an infected site does not infect the whole server, but it can not help to prevent that the site itself gets infected. To prevent that sites with security vulnerabilities get infected, you need a web application firewall like mod_security for Apache (it's available for Nginx as well under a little different name).

    I don't think that a reverse proxy will be of any help with that matter, except you mean with reverse proxy a web application firewall and for a web application firewall, you don't need a reverse proxy.
     
    Th0m likes this.
