On Thu, Dec 24, 2009 at 2:01 AM, Manu Verhaegen mav...@telenet.be wrote:
I have use the following command
grep 'ipadres' /var/www/vhosts/*/statistics/logs/access_log
grep 'ipadres' /var/log/httpd/acces
typo - ipadres should be ipaddress? And even with correct spelling,
that is probably not
centos@centos.org
Onderwerp: Re: [CentOS] attack
Aan: CentOS mailing list centos@centos.org
On Thu, Dec 24, 2009 at 2:01 AM, Manu Verhaegen mav...@telenet.be wrote:
I have use the following command
grep 'ipadres' /var/www/vhosts/*/statistics/logs/access_log
grep 'ipadres' /var/log
Hi,
My server is under attack allows the attacker to abuse of a php script of a
vhost. How can I find what is the script.
Regards,
maverh
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
From: Manu Verhaegen mav...@telenet.be
My server is under attack allows the attacker to abuse of a php script of a
vhost. How can I find what is the script.
Could you be more specific...?
Anything in the log files?
JD
___
CentOS mailing
Anything from the accesslogs?
2009/12/24 Manu Verhaegen mav...@telenet.be
Hi,
My server is under attack allows the attacker to abuse of a php script of a
vhost. How can I find what is the script.
Regards,
maverh
___
CentOS mailing list
On Thu, 2009-12-24 at 11:31 +, Manu Verhaegen wrote:
Hi,
My server is under attack allows the attacker to abuse of a php script of a
vhost. How can I find what is the script.
Regards,
maverh
Hi Maverh,
I know this may sound like a silly question but how do you know your
server is
...@centos.org
To: centos@centos.org
ReplyTo: CentOS mailing list
Subject: [CentOS] attack
Sent: Dec 24, 2009 6:31 PM
Hi,
My server is under attack allows the attacker to abuse of a php script of a
vhost. How can I find what is the script.
Regards,
maverh
december 2009 12:45
Aan: CentOS mailing list
Onderwerp: Re: [CentOS] attack
On Thu, 2009-12-24 at 11:31 +, Manu Verhaegen wrote:
Hi,
My server is under attack allows the attacker to abuse of a php script of a
vhost. How can I find what is the script.
Regards,
maverh
Hi Maverh,
I know
at the moment everiting is solved i have block the IP adress but i d'ont have
found the script
- Oorspronkelijk bericht -
Van
: da...@pnyet.web.id [mailto:da...@pnyet.web.id]
Verzonden
: donderdag
, december
24, 2009 01:07 PM
Aan
: 'CentOS mailing list'
Onderwerp
: Re: [CentOS] attack
-Original Message-
From: centos-boun...@centos.org
[mailto:centos-boun...@centos.org] On Behalf Of Manu Verhaegen
Sent: Thursday, December 24, 2009 7:04 AM
To: CentOS mailing list
Subject: Re: [CentOS] attack
at the moment everiting is solved i have block the IP adress
but i
Hello
On 12/24/2009 12:01 PM, Manu Verhaegen wrote:
We have plesk running, i have running logwatch and i have found a IP adress.
I have add it in the IP table to block it then the attack is solved.
We see a lot of outgouing emails a php script is used for sending many emails
possible stored
: donderdag 24 december 2009 13:08
Aan: 'CentOS mailing list'
Onderwerp: Re: [CentOS] attack
-Original Message-
From: centos-boun...@centos.org
[mailto:centos-boun...@centos.org] On Behalf Of Manu Verhaegen
Sent: Thursday, December 24, 2009 7:04 AM
To: CentOS mailing list
Subject: Re
Hi,
i have Check my tmp directory and subdirectorys for std,
udp.pl no file exist. Also i have check /etc/passwd and
/etc/shadow for unusual users.
regards
Manu,
forgive me if i missed it when i deleted several of the posts in the thread
yet how hard is it to check all the
Obviously, if you are running several vhosts and plesk you likely have
other logs to check. Also, one can usually see the origin of the mail
injection in the maillog (e.g. complaints about setting to an unsafe
sender) or in the outgoing messages. At runtime you can see the connects
with full
Hi,
i ame checking this
thanks,
Manu
-Oorspronkelijk bericht-
Van: centos-boun...@centos.org [mailto:centos-boun...@centos.org] Namens Kai
Schaetzl
Verzonden: donderdag 24 december 2009 15:32
Aan: centos@centos.org
Onderwerp: Re: [CentOS] attack
Obviously, if you are running
december 2009 12:45
Aan: CentOS mailing list
Onderwerp: Re: [CentOS] attack
On Thu, 2009-12-24 at 11:31 +, Manu Verhaegen wrote:
Hi,
My server is under attack allows the attacker to abuse of a php script of a
vhost. How can I find what is the script.
Regards,
maverh
Hi
...@centos.org] Namens Kai
Schaetzl
Verzonden: donderdag 24 december 2009 15:32
Aan: centos@centos.org
Onderwerp: Re: [CentOS] attack
Obviously, if you are running several vhosts and plesk you likely have
other logs to check. Also, one can usually see the origin of the mail
injection
17 matches
Mail list logo