1

We had yesterday an trojan upload on our debian lenny server. It cost 6 hours of repairing several sites + local pc's. At 1 of the local pc I discovered that the firewall was set to disabled. The pc was also infected with this Trojan:JS/BlacoleRef.W Why do this pc had an ftp account to our server? For daily upload the shipping tracking to the server + weekly upload of a new newsletter.

Question: is there a existing solution on the server to test all the ftp/ssh uploads. This should help us very much.

Pshemo
  • 122,468
  • 25
  • 185
  • 269
user1575807
  • 21
  • 2

1 Answers1

0

The first thing to do is, obviously, to keep all your machines clean, even the clients.

FTP

It depends on the deamon you use. Typically there is no server-side scan of what's uploaded, but proftpd has a modular architecture and you can write your mod_content_checker that inspect the uploads and rejects files that don't line up with your policy.

You could also scan the files with clamv.

SSH / rsync

You can use a forced command with a script that scans the files.

but keep all your machines clean.

InternetSeriousBusiness
  • 2,605
  • 16
  • 17