http://www.atomicorp.com/wiki/index.php/Atomic_Secured_Linux Wraps a lot of "good stuff" together for a plesk web server on CentOS. Won't help much if you are already compromised, but it would be a good addition. -Andy On Thu, 2009-12-24 at 12:01 +0000, Manu Verhaegen wrote: > Hi, > > We have plesk running, i have running logwatch and i have found a IP adress. > I have add it in the IP table to block it then the attack is solved. > We see a lot of outgouing emails a php script is used for sending many emails possible stored in the database. > > I have use the following command > grep 'ipadres' /var/www/vhosts/*/statistics/logs/access_log > grep 'ipadres' /var/log/httpd/access.log > > it do not find any record. > > Regards, > Manu Verhaegen > > > > -----Oorspronkelijk bericht----- > Van: centos-bounces at centos.org [mailto:centos-bounces at centos.org] Namens Pete > Verzonden: donderdag 24 december 2009 12:45 > Aan: CentOS mailing list > Onderwerp: Re: [CentOS] attack > > On Thu, 2009-12-24 at 11:31 +0000, Manu Verhaegen wrote: > > Hi, > > > > My server is under attack allows the attacker to abuse of a php script of a vhost. How can I find what is the script. > > > > Regards, > > maverh > > Hi Maverh, > > I know this may sound like a silly question but how do you know your > server is under attack ? As others have advised, have you checked your > logs on the server ? What are you running that's being attacked ? > > /var/log/httpd > > /var/log/messages > > > Regards, > > Pete. > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos