{"id":56141,"date":"2020-07-02T14:51:14","date_gmt":"2020-07-02T19:51:14","guid":{"rendered":"https:\/\/blog.cpanel.com\/?p=56141"},"modified":"2020-07-02T14:51:14","modified_gmt":"2020-07-02T19:51:14","slug":"malware-scanners-for-cpanel-keeping-your-server-safe","status":"publish","type":"post","link":"https:\/\/devel.www.cpanel.net\/blog\/tips-and-tricks\/malware-scanners-for-cpanel-keeping-your-server-safe\/","title":{"rendered":"Malware Scanners for cPanel: Keeping Your Server Safe"},"content":{"rendered":"\n

The web is awash with malware, and, as anyone who administers websites knows, web servers are a prime target. Malware criminals absolutely love<\/em> web hosting servers because they have exploitable network resources, they attract lots of visitors, and they are a rich source of data for identity theft and credit card fraud.<\/p>\n\n\n\n

Servers are also targets because they host software managed by non-technical publishers and retailers that don\u2019t prioritize security.<\/p>\n\n\n\n

Ignoring software updates or dealing with inferior software comes with a price. For example, earlier this year bad actors targeted almost a million WordPress sites through software vulnerabilities<\/a> which had already been fixed by developers, but users were slow to update and hackers got in.  <\/p>\n\n\n\n

What\u2019s more incredible is that malware campaigns on that large of a scale are common, and servers often come under attack within minutes<\/em> of going online. <\/p>\n\n\n\n

Does Your cPanel Server Need a Virus Scanner?<\/strong><\/h2>\n\n\n\n

Malware developers are tricky as they want to infiltrate your servers and they don\u2019t want you to know about it. They go to great lengths to make sure their code stays hidden because the longer it takes for you to find it, the longer they can take advantage of your servers and visitors. <\/p>\n\n\n\n

Without a virus scanner to monitor files for malicious code, you won\u2019t notice it\u2019s there until your site gets blocked or marked as unsafe.<\/p>\n\n\n\n

But how does malware get onto cPanel servers in the first place? <\/p>\n\n\n\n

Software Vulnerabilities<\/strong><\/h3>\n\n\n\n

Software can have bugs that cause security vulnerabilities that attackers use to give themselves root privileges, execute code remotely, or to inject backdoors into web applications. Often the vulnerabilities could be fixed if the software was updated, but it may also have zero-day vulnerabilities that have yet to be found and fixed by developers.  Many attacks exploit these vulnerabilities caused by coding errors, including cross-site scripting attacks and SQL injection attacks. <\/p>\n\n\n\n

Supply Chain Attacks<\/strong><\/h3>\n\n\n\n

Attackers love upstream software developers and their file servers. If they can compromise the server of a popular WordPress plugin, tens of thousands of sites will be infected<\/em> when users update or install the plugin. Look at the recent Magecart supply chain attacks<\/a>, which were solely responsible for the theft of hundreds of thousands of credit card numbers. <\/p>\n\n\n\n

Misconfiguration<\/strong><\/h3>\n\n\n\n

Attacks often succeed because site owners or server administrators misconfigure software. Your server might host a MongoDB database exposed to the open internet without password authentication. Or maybe the server\u2019s root password is \u201c123456\u201d or it hosts a site whose admin thinks \u201cpassword1\u201d will outsmart a dictionary attack. Web hosting servers are complex, with many layers of software, so it\u2019s all too easy to make a mistake that opens the door to an attacker and their malware.<\/p>\n\n\n\n

What Types of Malware Are a Risk On cPanel Servers?<\/strong><\/h2>\n\n\n\n

Malware comes in many shapes and sizes and each one has a specific purpose and behavior. Here are the most common ones:<\/p>\n\n\n\n