I'm curious about best practices that ISP and hosting providers follow to getting rid of malwares and spam-spewing scripts on customers servers and accounts.
You follow a policy to prevent and fight issues like this or rely just on abuse reports?
For accounts (shared hosting or VPS) you could check files by antivirus or malware finder. For servers it is more complex as usually you have not direct access to customer servers but you could use many third party services to detect and isolate suspicious clients before receiving huge amount of abuses. Usually such services scan your ip's to find suspicious files etc.
Rustelekom LLC Dedicated server since 2002, RIPE NCC member, LIR, AS51168
Yes I know about this tools and we currently use this for protect our customers.Question is : according to some reports made by StopBadware many providers host customers that are heavily infected and no one shut down this accounts.Abuse reports are ignored?And what about prevention?
Thanks for answers.
Ideally something would be done to better educate end-users about the consequences of using scripts.
I have seen where customers order a webhosting account, install Joomla!, set it up for their needs, and they think they are done. Any script, any component or extension or plugin, has to be kept up to date. Installing a CMS or any script, is not the end, it is the beginning in terms of account security.
I do give props to Wordpress for recognizing this, and making it very easy for users to keep their Wordpress scripts up to date.
I'd use a combination of the aforementioned ClamAV and Linux Malware Detect malware scanners. While they won't be able to detect each and every piece of malware that a user uploads or that ends up on the server as a result of a successful file injection, in many cases they will, and these tools can help you identify accounts that are abused or have been compromised.
█ CoderJosh | Web Application Developer and Linux Server Admin
█ Web & Mobile App Coding | Troubleshooting | Tuning | Hardening | SysAdmin Services
Some hosting companies actually provide daily malware monitoring, alert their clients the moment malware is uploaded or intalled and help their clients resolve the situation free of charge, before the situation gets out of control.