Hi, We have plesk running, i have running logwatch and i have found a IP adress. I have add it in the IP table to block it then the attack is solved. We see a lot of outgouing emails a php script is used for sending many emails possible stored in the database. I have use the following command grep 'ipadres' /var/www/vhosts/*/statistics/logs/access_log grep 'ipadres' /var/log/httpd/access.log it do not find any record. Regards, Manu Verhaegen -----Oorspronkelijk bericht----- Van: centos-bounces at centos.org [mailto:centos-bounces at centos.org] Namens Pete Verzonden: donderdag 24 december 2009 12:45 Aan: CentOS mailing list Onderwerp: Re: [CentOS] attack On Thu, 2009-12-24 at 11:31 +0000, Manu Verhaegen wrote: > Hi, > > My server is under attack allows the attacker to abuse of a php script of a vhost. How can I find what is the script. > > Regards, > maverh Hi Maverh, I know this may sound like a silly question but how do you know your server is under attack ? As others have advised, have you checked your logs on the server ? What are you running that's being attacked ? /var/log/httpd /var/log/messages Regards, Pete. _______________________________________________ CentOS mailing list CentOS at centos.org http://lists.centos.org/mailman/listinfo/centos