http://www.atomicorp.com/wiki/index.php/Atomic_Secured_Linux
Wraps a lot of "good stuff" together for a plesk web server on CentOS.
Won't help much if you are already compromised, but it would be a good
addition.
-Andy
On Thu, 2009-12-24 at 12:01 +0000, Manu Verhaegen wrote:
> Hi,
>
> We have plesk running, i have running logwatch and i have found a IP adress.
> I have add it in the IP table to block it then the attack is solved.
> We see a lot of outgouing emails a php script is used for sending many emails possible stored in the database.
>
> I have use the following command
> grep 'ipadres' /var/www/vhosts/*/statistics/logs/access_log
> grep 'ipadres' /var/log/httpd/access.log
>
> it do not find any record.
>
> Regards,
> Manu Verhaegen
>
>
>
> -----Oorspronkelijk bericht-----
> Van: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] Namens Pete
> Verzonden: donderdag 24 december 2009 12:45
> Aan: CentOS mailing list
> Onderwerp: Re: attack
>
> On Thu, 2009-12-24 at 11:31 +0000, Manu Verhaegen wrote:
> > Hi,
> >
> > My server is under attack allows the attacker to abuse of a php script of a vhost. How can I find what is the script.
> >
> > Regards,
> > maverh
>
> Hi Maverh,
>
> I know this may sound like a silly question but how do you know your
> server is under attack ? As others have advised, have you checked your
> logs on the server ? What are you running that's being attacked ?
>
> /var/log/httpd
>
> /var/log/messages
>
>
> Regards,
>
> Pete.
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>
>
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
