subject:"\[CentOS\] attack"

Re: [CentOS] attack

2009-12-25 Thread Dave

On Thu, Dec 24, 2009 at 2:01 AM, Manu Verhaegen mav...@telenet.be wrote: I have use the following command grep 'ipadres' /var/www/vhosts/*/statistics/logs/access_log grep 'ipadres' /var/log/httpd/acces typo - ipadres should be ipaddress? And even with correct spelling, that is probably not

Re: [CentOS] attack

2009-12-25 Thread Joost Waversveld

centos@centos.org Onderwerp: Re: [CentOS] attack Aan: CentOS mailing list centos@centos.org On Thu, Dec 24, 2009 at 2:01 AM, Manu Verhaegen mav...@telenet.be wrote: I have use the following command grep 'ipadres' /var/www/vhosts/*/statistics/logs/access_log grep 'ipadres' /var/log

[CentOS] attack

2009-12-24 Thread Manu Verhaegen

Hi, My server is under attack allows the attacker to abuse of a php script of a vhost. How can I find what is the script. Regards, maverh ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] attack

2009-12-24 Thread John Doe

From: Manu Verhaegen mav...@telenet.be My server is under attack allows the attacker to abuse of a php script of a vhost. How can I find what is the script. Could you be more specific...? Anything in the log files? JD ___ CentOS mailing

Re: [CentOS] attack

2009-12-24 Thread Tim Ke

Anything from the accesslogs? 2009/12/24 Manu Verhaegen mav...@telenet.be Hi, My server is under attack allows the attacker to abuse of a php script of a vhost. How can I find what is the script. Regards, maverh ___ CentOS mailing list

Re: [CentOS] attack

2009-12-24 Thread Pete

On Thu, 2009-12-24 at 11:31 +, Manu Verhaegen wrote: Hi, My server is under attack allows the attacker to abuse of a php script of a vhost. How can I find what is the script. Regards, maverh Hi Maverh, I know this may sound like a silly question but how do you know your server is

Re: [CentOS] attack

2009-12-24 Thread david

...@centos.org To: centos@centos.org ReplyTo: CentOS mailing list Subject: [CentOS] attack Sent: Dec 24, 2009 6:31 PM Hi, My server is under attack allows the attacker to abuse of a php script of a vhost. How can I find what is the script. Regards, maverh

Re: [CentOS] attack

2009-12-24 Thread Manu Verhaegen

december 2009 12:45 Aan: CentOS mailing list Onderwerp: Re: [CentOS] attack On Thu, 2009-12-24 at 11:31 +, Manu Verhaegen wrote: Hi, My server is under attack allows the attacker to abuse of a php script of a vhost. How can I find what is the script. Regards, maverh Hi Maverh, I know

Re: [CentOS] attack

2009-12-24 Thread Manu Verhaegen

at the moment everiting is solved i have block the IP adress but i d'ont have found the script - Oorspronkelijk bericht - Van : da...@pnyet.web.id [mailto:da...@pnyet.web.id] Verzonden : donderdag , december 24, 2009 01:07 PM Aan : 'CentOS mailing list' Onderwerp : Re: [CentOS] attack

Re: [CentOS] attack

2009-12-24 Thread Thomas Dukes

-Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Manu Verhaegen Sent: Thursday, December 24, 2009 7:04 AM To: CentOS mailing list Subject: Re: [CentOS] attack at the moment everiting is solved i have block the IP adress but i

Re: [CentOS] attack

2009-12-24 Thread Karanbir Singh

Hello On 12/24/2009 12:01 PM, Manu Verhaegen wrote: We have plesk running, i have running logwatch and i have found a IP adress. I have add it in the IP table to block it then the attack is solved. We see a lot of outgouing emails a php script is used for sending many emails possible stored

Re: [CentOS] attack

2009-12-24 Thread Manu Verhaegen

: donderdag 24 december 2009 13:08 Aan: 'CentOS mailing list' Onderwerp: Re: [CentOS] attack -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Manu Verhaegen Sent: Thursday, December 24, 2009 7:04 AM To: CentOS mailing list Subject: Re

Re: [CentOS] attack

2009-12-24 Thread R-Elists

Hi, i have Check my tmp directory and subdirectorys for std, udp.pl no file exist. Also i have check /etc/passwd and /etc/shadow for unusual users. regards Manu, forgive me if i missed it when i deleted several of the posts in the thread yet how hard is it to check all the

Re: [CentOS] attack

2009-12-24 Thread Kai Schaetzl

Obviously, if you are running several vhosts and plesk you likely have other logs to check. Also, one can usually see the origin of the mail injection in the maillog (e.g. complaints about setting to an unsafe sender) or in the outgoing messages. At runtime you can see the connects with full

Re: [CentOS] attack

2009-12-24 Thread Manu Verhaegen

Hi, i ame checking this thanks, Manu -Oorspronkelijk bericht- Van: centos-boun...@centos.org [mailto:centos-boun...@centos.org] Namens Kai Schaetzl Verzonden: donderdag 24 december 2009 15:32 Aan: centos@centos.org Onderwerp: Re: [CentOS] attack Obviously, if you are running

Re: [CentOS] attack

2009-12-24 Thread Andy Sutton

december 2009 12:45 Aan: CentOS mailing list Onderwerp: Re: [CentOS] attack On Thu, 2009-12-24 at 11:31 +, Manu Verhaegen wrote: Hi, My server is under attack allows the attacker to abuse of a php script of a vhost. How can I find what is the script. Regards, maverh Hi

Re: [CentOS] attack

2009-12-24 Thread Fernando Hallberg

...@centos.org] Namens Kai Schaetzl Verzonden: donderdag 24 december 2009 15:32 Aan: centos@centos.org Onderwerp: Re: [CentOS] attack Obviously, if you are running several vhosts and plesk you likely have other logs to check. Also, one can usually see the origin of the mail injection

Re: [CentOS] attack

Re: [CentOS] attack

[CentOS] attack

Re: [CentOS] attack

Re: [CentOS] attack

Re: [CentOS] attack

Re: [CentOS] attack

Re: [CentOS] attack

Re: [CentOS] attack

Re: [CentOS] attack

Re: [CentOS] attack

Re: [CentOS] attack

Re: [CentOS] attack

Re: [CentOS] attack

Re: [CentOS] attack

Re: [CentOS] attack

Re: [CentOS] attack

17 matches

Site Navigation

Mail list logo

Footer information