[CentOS] attack

Andy Sutton newslists at pessimists.net
Thu Dec 24 16:20:51 UTC 2009


http://www.atomicorp.com/wiki/index.php/Atomic_Secured_Linux

Wraps a lot of "good stuff" together for a plesk web server on CentOS.
Won't help much if you are already compromised, but it would be a good
addition.

 -Andy


On Thu, 2009-12-24 at 12:01 +0000, Manu Verhaegen wrote:
> Hi,
> 
> We have plesk running, i have running logwatch and i have found a IP adress.
> I have add it in the IP table to block it then the attack is solved.
> We see a lot of outgouing emails a php script is used for sending many emails possible stored in the database.
> 
> I have use  the following command
> grep 'ipadres' /var/www/vhosts/*/statistics/logs/access_log
> grep 'ipadres' /var/log/httpd/access.log
> 
> it do not find any record.
> 
> Regards,
>   Manu Verhaegen
> 
> 
> 
> -----Oorspronkelijk bericht-----
> Van: centos-bounces at centos.org [mailto:centos-bounces at centos.org] Namens Pete
> Verzonden: donderdag 24 december 2009 12:45
> Aan: CentOS mailing list
> Onderwerp: Re: [CentOS] attack
> 
> On Thu, 2009-12-24 at 11:31 +0000, Manu Verhaegen wrote:
> > Hi,
> > 
> > My server is under attack allows the attacker to abuse of a php script of a vhost. How can I find what is the script.
> > 
> > Regards,
> >   maverh
> 
> Hi Maverh,
> 
> I know this may sound like a silly question but how do you know your
> server is under attack ? As others have advised, have you checked your
> logs on the server ? What are you running that's being attacked ?
> 
> /var/log/httpd
> 
> /var/log/messages
> 
> 
> Regards,
> 
> Pete.
> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 
> 
> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos





More information about the CentOS mailing list