MyBB Community Forums

Using LMD/Linux Malware Detect to catch webshell exploit attempts
Has anyone else been using maldet, the Linux Malware detector? It found some "JPG" avatars that a few evil users uploaded, with the webshell by oRb exploit as PHP code at the end of the JPG file.

You can install LMD by downloading the latest maldet version then running sudo ./install.sh from its directory.

Here's how to run a one-time scan of your MyBB installation:

  1. update maldet engine and signatures: sudo maldet -d; sudo maldet -u
  2. scan the MyBB path: sudo maldet -a /var/www/yourmybbpath

LMD comes with a daily cron job located at /etc/cron.daily/maldet, which you can edit to scan custom paths for new malware.
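
A complementary check for the avatar case described in the post above, added here as an example (it is not part of the original post and not LMD's own logic): walk an upload directory and flag image-named files that contain a PHP open tag, noting whether the tag sits after a JPEG end-of-image marker. The byte patterns, function names and sample files are assumptions made for this example.

```python
import os
import re
import tempfile

# Assumption: heuristic patterns chosen for this example, not LMD signatures.
PHP_TAG = re.compile(rb"<\?php|<\?=|<script\s+language\s*=\s*[\"']?php", re.I)
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}
JPEG_EOI = b"\xff\xd9"  # JPEG end-of-image marker


def check_image(path):
    """Return a finding dict if the file contains a PHP open tag, else None."""
    with open(path, "rb") as fh:
        data = fh.read()  # avatars are small, so reading whole files is fine
    match = PHP_TAG.search(data)
    if match is None:
        return None
    # True when an end-of-image marker precedes the tag, i.e. the PHP is
    # trailing data that image viewers silently ignore.
    after_eoi = data.rfind(JPEG_EOI, 0, match.start()) != -1
    return {"path": path, "offset": match.start(), "after_eoi": after_eoi}


def scan_tree(root):
    """Walk root and return findings for every image-named file with PHP in it."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if os.path.splitext(name)[1].lower() in IMAGE_EXTS:
                hit = check_image(os.path.join(dirpath, name))
                if hit:
                    findings.append(hit)
    return findings


def demo():
    """Scan two constructed sample files: a clean stub and one with appended PHP."""
    clean = b"\xff\xd8\xff\xe0" + b"\x00" * 32 + JPEG_EOI  # constructed, 38 bytes
    samples = {"ok.jpg": clean, "bad.jpg": clean + b"<?php /* placeholder */ ?>"}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(body)
        return [(os.path.basename(f["path"]), f["offset"], f["after_eoi"])
                for f in scan_tree(tmp)]


if __name__ == "__main__":
    print(demo())
```

To use it on a real install, call scan_tree() on the avatar upload directory; a hit with after_eoi set is the appended-code pattern from the post, and any hit in an image file deserves a manual look.
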
Lol does the PHP-at-the-end-of-a-JPG trick still work?
Security is really an illusion if they managed to do anything with this.
(2014-11-24, 08:34 PM) dylanhart Wrote: Lol does the PHP-at-the-end-of-a-JPG trick still work?
Security is really an illusion if they managed to do anything with this.

Yup, has always been. Especially risky if you run a common, dangerous nginx configuration. Most guides by now have updated their config examples to protect against those types of attacks though.