As some of you know, we’ve been busy adding more features to our VPS and dedicated server software.
I thought it was time to let you know what we’ve been working on.
Currently our software works amazingly well at detecting the instant any files are changed or added to a VPS or dedicated server. If infected, it quarantines the original file and cleans it. If the infected file is a backdoor, it automatically removes it.
However, that is where our software stops – until now.
Our latest upgrade now reads the log files as well. So when a file in the themes folder of a WordPress site is infected, our software reads the log files and knows that it was the result of a stolen password. We now get a notification like this:
2013/12/23:06:03PM Samplewebsite.com had /public_html/wp-content/theme/xyz/index.php, header.php, footer.php files infected with the following code:
(malicious code would be displayed here)
According to the log files, a successful login was recorded from: 123.456.789.000 (show country of origin). This indicates that a stolen password was used.
So, not only will our software be able to clean the site, but it can also determine how it happened so we know, as your website security department, what to do to protect it.
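The correlation described above can be sketched as follows. This is an added example, not the code of the software described here; it assumes Apache combined-format access logs, a hypothetical 15-minute look-back window, and constructed sample log lines and addresses.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in Apache combined log format (assumed format).
SAMPLE_LOG = """\
203.0.113.7 - - [23/Dec/2013:18:01:12 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [23/Dec/2013:18:01:40 +0000] "POST /wp-login.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
198.51.100.9 - - [23/Dec/2013:18:02:05 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [23/Dec/2013:18:02:55 +0000] "POST /wp-admin/theme-editor.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def parse(log_text):
    """Yield (ip, time, method, path, status) for each parsable log line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield m["ip"], ts, m["method"], m["path"].split("?")[0], int(m["status"])

def correlate(log_text, infected_at, window=timedelta(minutes=15)):
    """Return IPs that logged in successfully and then posted to the theme
    editor within `window` before the file change was detected."""
    logins = {}    # ip -> time of most recent successful login
    suspects = []
    for ip, ts, method, path, status in parse(log_text):
        if method != "POST" or not (infected_at - window <= ts <= infected_at):
            continue
        # WordPress answers a successful login with a 302 redirect;
        # a failed attempt re-renders the login form with a 200.
        if path == "/wp-login.php" and status == 302:
            logins[ip] = ts
        # Assumption: the theme files were changed through the classic
        # theme editor rather than over FTP or a vulnerable form.
        elif path == "/wp-admin/theme-editor.php" and ip in logins:
            suspects.append({"ip": ip, "login": logins[ip], "edit": ts})
    return suspects
```

A login that succeeds from an address with no earlier history on the site, followed within minutes by a theme edit, is what separates a stolen password from an exploit of the site's own code.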
Currently, for VPS and dedicated servers that are using cPanel, we can also determine whether the infection came in through a form on the infected website, over FTP, or by one of many other methods.
As part of our next development, we are working on tying into cPanel so we can change passwords on the fly as well. Imagine that your site was infected due to stolen FTP passwords. Wouldn’t it be nice to have our software change the password for you, record it and save it? That would be like self-healing.
This would prevent a reoccurrence of that infection. We get notified, you get notified. It’s a beautiful thing.
We’re also working on auto-reporting to hosting providers. In our scenario above, we see that the IP address 123.456.789.000 belongs to a certain hosting provider. Our system will send an email with sanitized log file entries to abuse@… notifying that hosting provider that they have an infected site/server that is being used to launch attacks on other websites. We do this manually now and it’s been working quite well.
The hosting providers have been very quick to take care of the situation, which removes one more infected system from the Internet.
Another development in this latest update is that all file changes are sent to us. That way we can further analyze them to determine if a new type of infection has been released. With over 500 installations of our software on clients’ VPSs and dedicated servers, we’re growing our database of infectious code, which helps us – help you.
If you have any other needs or wants, please send them to me. I’ll research the idea, and it could be included in one of our upcoming releases.
Questions? Let me know…
If you’re a hosting provider and would like to offer this to your VPS and dedicated server customers, feel free to contact me.
You can always contact me at: email@example.com