[CentOS] attack

Thu Dec 24 12:01:08 UTC 2009
Manu Verhaegen <maverh at telenet.be>


We have Plesk running. I have logwatch running and I have found an IP address.
I have added it to the IP table to block it, then the attack is solved.
We see a lot of outgoing emails; a PHP script is used for sending many emails, possibly stored in the database.

I have used the following commands:
grep 'ipadres' /var/www/vhosts/*/statistics/logs/access_log
grep 'ipadres' /var/log/httpd/access.log

It does not find any record.

  Manu Verhaegen

-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Pete
Sent: Thursday, 24 December 2009 12:45
To: CentOS mailing list
Subject: Re: [CentOS] attack

On Thu, 2009-12-24 at 11:31 +0000, Manu Verhaegen wrote:
> Hi,
> My server is under attack, which allows the attacker to abuse a PHP script of a vhost. How can I find what the script is?
> Regards,
>   maverh

Hi Maverh,

I know this may sound like a silly question but how do you know your
server is under attack? As others have advised, have you checked your
logs on the server? What are you running that's being attacked?
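
An added example, not part of the original thread: when grepping the access logs for one IP address returns nothing, the same logs can be ranked by script instead of by client. The sketch below assumes Apache common/combined log format and that the mail-sending script is driven by POST requests; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Rank PHP scripts by POST volume in Apache access logs, independent of
# client IP. Output columns: POST count, distinct client IPs, script path.

# Constructed sample input (documentation-range IPs, made-up paths).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [24/Dec/2009:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [24/Dec/2009:10:00:02 +0000] "POST /contact/form.php HTTP/1.1" 200 312 "-" "-"
198.51.100.8 - - [24/Dec/2009:10:00:03 +0000] "POST /contact/form.php HTTP/1.1" 200 312 "-" "-"
203.0.113.5 - - [24/Dec/2009:10:00:04 +0000] "POST /contact/form.php?x=1 HTTP/1.1" 200 312 "-" "-"
192.0.2.10 - - [24/Dec/2009:10:00:05 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.10 - - [24/Dec/2009:10:00:06 +0000] "GET /images/logo.png HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.7 - - [24/Dec/2009:10:00:07 +0000] "POST /contact/form.php HTTP/1.1" 200 312 "-" "-"
EOF
}

# rank_php_posts [FILE...]: reads the named logs, or stdin when none given.
# Run it on one vhost's log at a time, e.g. (path taken from the thread):
#   rank_php_posts /var/www/vhosts/<vhost>/statistics/logs/access_log
rank_php_posts() {
    awk '
        $6 == "\"POST" {
            path = $7
            sub(/\?.*/, "", path)              # ignore the query string
            if (path !~ /\.php$/) next         # only PHP scripts
            posts[path]++
            if (!((path, $1) in seen)) {       # first POST from this client
                seen[path, $1] = 1
                ips[path]++
            }
        }
        END { for (p in posts) printf "%d %d %s\n", posts[p], ips[p], p }
    ' "$@" | sort -k1,1nr -k3,3
}

# Stand-alone run: use the given log files, else the constructed sample.
if [ "$#" -gt 0 ]; then
    rank_php_posts "$@"
else
    sample_log | rank_php_posts
fi
```

A script with a high POST count spread over many client addresses is the first candidate to inspect, and it also explains why a search for a single IP can come back empty.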




