Tessando asked:

AntiVirus / Malware Recommendations for Amazon Linux

I have a Wordpress site running on a LAMP stack running in AWS EC2 that got compromised today. The hacker encrypted the small MySQL database with a Bitcoin address instead of the expected tables.

I would like to install some AntiVirus and Malware software as a future deterrent. It wouldn’t have done me a lot of good in this case, but I realized that the folks before me didn’t set this up.

1/ Do you have any recommendations for software that plays nicely with Amazon Linux (basically RedHat)?

2/ Do you have a favorite set of “go-to” installation and configuration instructions that you could share? I need something fairly simple to setup & automate updating heuristics and protecting the system.

Thanks for your help!
Tags: Linux, Anti-Virus Apps, AWS

Last Comment: David Favor, 8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Dr. Klahn

David Favor

1) I have a Wordpress site running on a LAMP stack running in AWS EC2 that got compromised today. The hacker encrypted the small MySQL database with a Bitcoin address instead of the expected tables.

Happens for many reasons. Most common reasons: running old software (Kernel/PHP/WordPress); running any clear text login on the system, like FTP not SFTP or HTTP not HTTPS; using easily cracked passwords; using a common user/pass across many sites, where another site is hacked and then the info is used to hack your site.

You must close all these holes first or hacks will reoccur.

2) I would like to install some AntiVirus and Malware software as a future deterrent. It wouldn’t have done me a lot of good in this case, but I realized that the folks before me didn’t set this up.

Won't help. As Dr. Klahn mentions, these only show a site has been hacked after the hack has occurred + potentially destroyed your system.

3) Do you have any recommendations for software that plays nicely with Amazon Linux (basically RedHat)?

See #2.

4) Do you have a favorite set of “go-to” installation and configuration instructions that you could share? I need something fairly simple to setup & automate updating heuristics and protecting the system.

Yes.

Recently there are some very ugly hacks going around. Here's what I've started doing for projects.

cd /path-to-wordpress-install

# Everything owned by root: Apache (and any PHP it runs) can no longer rewrite
# core, theme or plugin files.
chown -R root:root .

# Only the upload and cache trees stay writable by the web server user.
# www-data is Apache's user on Debian/Ubuntu; on Amazon Linux httpd runs as apache.
chown -R www-data:www-data wp-content/uploads
chown -R www-data:www-data wp-content/cache


This locks files to only allow Apache to write upload files + cache files.

5) The only way back from any harsh hack is to restore a clean backup.

No one can ever be smarter than 1,000,000s of hackers attacking sites continuously.

You just have to be prepared to restore a backup when required.

This means you must store backups on an external machine, lest your backups be encrypted in a ransomware attack.
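The ownership scheme from David Favor's answer as a runnable script, added here as an example and not code from the thread. It assumes Amazon Linux's httpd user `apache` (the answer's commands use Debian's `www-data`), and goes beyond the answer with an audit function that lists anything the web user can still write outside uploads/cache, so the lock-down can be verified or re-checked after a plugin update.

```shell
#!/bin/sh
# Added example, not from the thread. web_user is the account Apache runs as:
# "apache" on Amazon Linux (assumed default here), "www-data" on Debian/Ubuntu.
WRITABLE_DIRS="wp-content/uploads wp-content/cache"

# Apply the scheme from the answer: root owns everything, the web user owns
# only the upload and cache trees. chown needs root, so refuse otherwise.
wp_lock_ownership() {
    wp_root=$1; web_user=${2:-apache}
    [ "$(id -u)" -eq 0 ] || { echo "wp_lock_ownership: run as root" >&2; return 1; }
    chown -R root:root "$wp_root" || return 1
    for d in $WRITABLE_DIRS; do
        if [ -d "$wp_root/$d" ]; then
            chown -R "$web_user:$web_user" "$wp_root/$d" || return 1
        fi
    done
    return 0
}

# Audit the scheme: report anything the web user owns outside the writable
# trees (e.g. a web-user-owned wp-config.php or plugin file, which a compromised
# PHP process could rewrite), plus anything world-writable anywhere.
# Returns 0 when clean, 1 when at least one path was reported or on error.
wp_audit_ownership() {
    wp_root=$1; web_user=${2:-apache}
    id "$web_user" >/dev/null 2>&1 || { echo "unknown user: $web_user" >&2; return 1; }
    set --                                   # build find's prune list
    for d in $WRITABLE_DIRS; do
        set -- "$@" -path "$wp_root/$d" -prune -o
    done
    owned=$(find "$wp_root" "$@" -user "$web_user" -print)
    world=$(find "$wp_root" -perm -0002 -print)
    [ -n "$owned" ] && printf 'owned by %s outside uploads/cache:\n%s\n' "$web_user" "$owned"
    [ -n "$world" ] && printf 'world-writable:\n%s\n' "$world"
    [ -z "$owned" ] && [ -z "$world" ]
}

# Typical use on the live host (as root):
#   wp_lock_ownership /var/www/html apache && wp_audit_ownership /var/www/html apache
```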