http://www.atomicorp.com/wiki/index.php/Atomic_Secured_Linux
Wraps a lot of good stuff together for a plesk web server on CentOS.
Won't help much if you are already compromised, but it would be a good
addition.
-Andy
On Thu, 2009-12-24 at 12:01 +, Manu Verhaegen wrote:
Hi,
We have plesk running, i have running logwatch and i have found a IP adress.
I have add it in the IP table to block it then the attack is solved.
We see a lot of outgouing emails a php script is used for sending many emails
possible stored in the database.
I have use the following command
grep 'ipadres' /var/www/vhosts/*/statistics/logs/access_log
grep 'ipadres' /var/log/httpd/access.log
it do not find any record.
Regards,
Manu Verhaegen
-Oorspronkelijk bericht-
Van: centos-boun...@centos.org [mailto:centos-boun...@centos.org] Namens Pete
Verzonden: donderdag 24 december 2009 12:45
Aan: CentOS mailing list
Onderwerp: Re: [CentOS] attack
On Thu, 2009-12-24 at 11:31 +, Manu Verhaegen wrote:
Hi,
My server is under attack allows the attacker to abuse of a php script of a
vhost. How can I find what is the script.
Regards,
maverh
Hi Maverh,
I know this may sound like a silly question but how do you know your
server is under attack ? As others have advised, have you checked your
logs on the server ? What are you running that's being attacked ?
/var/log/httpd
/var/log/messages
Regards,
Pete.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos