How to Find a Website That Contains Malware

  1. High CPU Usage:

    • Signs: Unusually high CPU usage by a website may indicate malware, for example code that connects to a command and control server or mines cryptocurrency using the server's resources.
    • Action: If the high CPU usage is unexpected, trace the running processes with strace to identify unusual activity. Look for unfamiliar files or code in the site's home directory.
    • Preventive Measure: Limit nproc and virtual CPU resources to prevent malware from monopolizing server performance.
  2. Long Running Binaries:

    • Signs: A website’s application container typically only runs website-related processes like PHP. If you notice unexpected binaries or processes with strange names, it could be malware.
    • Action: To terminate suspicious processes, use the following command:
      kill -9 [process ID]
      
  3. Third-Party Security Plugins:

    • Plugins to Consider: Use third-party security tools to detect and prevent malware, including:
      • Bitninja
      • CPguard
      • Monarx

These steps help identify and mitigate potential malware infections on websites.
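
The checks in items 1 and 2, as an added example that is not part of the original article: a shell function that reads `ps` output for a site's user and flags processes that are long running and outside an allowlist, or that use high CPU. The allowlist, thresholds, user name `site1` and sample lines are constructed assumptions.

```shell
#!/bin/sh
# Added example. The allowlist and thresholds below are assumptions to tune.
ALLOWED="php-fpm php lsphp httpd nginx"  # assumed normal website processes
MAX_CPU=80                               # assumed %CPU threshold
MIN_AGE=3600                             # assumed seconds before "long running"

# Reads lines of "PID USER ELAPSED_SECONDS %CPU COMMAND" on stdin and prints
# "PID REASON COMMAND" for every process that deserves a closer look.
flag_suspicious() {
    awk -v allowed="$ALLOWED" -v max_cpu="$MAX_CPU" -v min_age="$MIN_AGE" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            pid = $1; age = $3 + 0; cpu = $4 + 0; comm = $5
            if (!(comm in ok) && age >= min_age)
                print pid, "unexpected-long-running", comm
            else if (cpu >= max_cpu)
                print pid, "high-cpu", comm
        }'
}

# Constructed sample input (not real server output); "sysupd8" is a made-up name.
sample_ps() {
    cat <<'EOF'
1201 site1 120 2.0 php-fpm
1202 site1 86400 97.5 sysupd8
1203 site1 30 91.0 php-fpm
1204 site1 15 0.1 sh
EOF
}

# Demo run on the constructed sample.
sample_ps | flag_suspicious

# Live use on a server with procps ps (site1 is a hypothetical site user):
#   ps -u site1 -o pid=,user=,etimes=,pcpu=,comm= | flag_suspicious
```

Before terminating a flagged PID, `ls -l /proc/[process ID]/exe` shows which file it is running from, which helps locate the unfamiliar files mentioned in item 1.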
