How to check if your FTP server is working?

Update - 2018.01.24This article might involve paid solutions

Problem

There comes a time when you are like wondering what is happening to your server or in my case a hosting server where i would host my own and my clients websites..

and Baam! You get a warning from your datacenter or hosting provider that your server was sending many spam emails or even worst DOS – Denial of Service attacks.

You are like shit not this again and the timing could not have been worst 🙁

Anyway enough of drama, Below are the steps i have laid out how i go about in solving this problem.

back to menu ↑ back to menu ↑

Scanning: ClamAV

The first step is to scan for infected files, this can be done in multiple ways Here is using ClamAV which can be installed on most of the Linux servers.

I have modified, the commandline to simple output the results onto a txt file. This help does not cover the installations of ClamAV on your server, as this can be easily google searched.

cd /tmp clamscan -r -i /home >> clamlog.txt

back to menu ↑ back to menu ↑

Scanning: Rkhunter

The rkhunter tool can be installed using following command on Ubuntu and CentOS based systems.

$ sudo apt install rkhunter
# yum install epel-release
# yum install rkhunter

To check your server with rkhunter run the following command.

rkhunter -c

back to menu ↑ back to menu ↑

Scanning: ISPProtect

The first step is to scan for infected files, this can be done in multiple ways but this is what works for me.

There are many scripts out there which can help you detect, but for me ISPprotect has helped, Its a paid one.

They give you a first free scan, So you might be able to try it out first as a trail on one of your servers.

So basically you connect to the server via SSH and run the script.

cd /tmp
wget https://www.ispprotect.com/download/ispp_scan.tar.gz
tar xzf ispp_scan.tar.gz
./ispp_scan
Instead of running the above script interactively, i let it run it in the background, just incase the connection gets lost.
./ispp_scan --path=/home --email-results=root@localhost --non-interactive --scan-key=AAA-BBB-CCC-DDD

 

Leave a Reply

avatar
Photo and Image Files
 
 
 
  Subscribe  
Notify of
Login/Register access is temporary disabled
Compare items
  • Total (0)
Compare