The security of a website hosted on a VPS is as important as the security of a computer running an antivirus program. Security becomes even more important when the website is a business that generates profits and carries out transactions that use private data of its customers.
Configuring a firewall and updating the platform that drives the website together with the themes and plugins used are two ways to secure a website. In this article, we focus on Linux Malware Detect (LMD), a program that can be used to detect malware that can be injected into a website based on one or more vulnerabilities discovered by other people. To install and use LMD, you need to log in with user root. The program can also be run by a user on the server but can only scan files and folders from their own work directory.
If the budget does not allow the acquisition of ConfigServer Services (CXS), Linux Malware Detect is an alternative that should not be ignored. LMD uses MD5 for hash and HEX for detection, meaning that the digital signature databases can also be used by ClamAV.
LMD allows you – to perform scans for a specific folder through the command: maldet –scan-all /path/to/folder
– scan certain files from a folder to check for changes occurring within a range of days through the command: maldet – recent scanned /path/to/folder/ X (X = number of days) and of course allows running the program at certain time intervals using Cron.
Even if it’s a free tool, a GPLv2-licensed program, developers also provide signature updates, and the user can check this out by the command: maldet –update.
The program itself also receives updates at certain time intervals, switching to a new version through the command: maldet –update-ver.