Re: [CentOS] attack

2009-12-25 Thread Joost Waversveld
: [CentOS] attack Aan: CentOS mailing list > On Thu, Dec 24, 2009 at 2:01 AM, Manu Verhaegen wrote: >> >> I have use  the following command >> grep 'ipadres' /var/www/vhosts/*/statistics/logs/access_log >> grep 'ipadres' /var/log/httpd/acces > &

Re: [CentOS] attack

2009-12-25 Thread Dave
On Thu, Dec 24, 2009 at 2:01 AM, Manu Verhaegen wrote: > > I have use  the following command > grep 'ipadres' /var/www/vhosts/*/statistics/logs/access_log > grep 'ipadres' /var/log/httpd/acces typo - ipadres should be ipaddress? And even with correct spelling, that is probably not what you want t

Re: [CentOS] attack

2009-12-24 Thread Fernando Hallberg
> Van: centos-boun...@centos.org [mailto:centos-boun...@centos.org] Namens Kai > Schaetzl > Verzonden: donderdag 24 december 2009 15:32 > Aan: centos@centos.org > Onderwerp: Re: [CentOS] attack > > Obviously, if you are running several vhosts and plesk you likely have > other

Re: [CentOS] attack

2009-12-24 Thread Andy Sutton
bericht- > Van: centos-boun...@centos.org [mailto:centos-boun...@centos.org] Namens Pete > Verzonden: donderdag 24 december 2009 12:45 > Aan: CentOS mailing list > Onderwerp: Re: [CentOS] attack > > On Thu, 2009-12-24 at 11:31 +, Manu Verhaegen wrote: > > Hi, > > >

Re: [CentOS] attack

2009-12-24 Thread Manu Verhaegen
Hi, i ame checking this thanks, Manu -Oorspronkelijk bericht- Van: centos-boun...@centos.org [mailto:centos-boun...@centos.org] Namens Kai Schaetzl Verzonden: donderdag 24 december 2009 15:32 Aan: centos@centos.org Onderwerp: Re: [CentOS] attack Obviously, if you are running

Re: [CentOS] attack

2009-12-24 Thread Kai Schaetzl
Obviously, if you are running several vhosts and plesk you likely have other logs to check. Also, one can usually see the origin of the mail injection in the maillog (e.g. complaints about setting to an unsafe sender) or in the outgoing messages. At runtime you can see the connects with full UR

Re: [CentOS] attack

2009-12-24 Thread R-Elists
> Hi, > > i have Check my tmp directory and subdirectorys for std, > udp.pl no file exist. Also i have check /etc/passwd and > /etc/shadow for unusual users. > > regards Manu, forgive me if i missed it when i deleted several of the posts in the thread yet how hard is it to check all the p

Re: [CentOS] attack

2009-12-24 Thread Manu Verhaegen
: donderdag 24 december 2009 13:08 Aan: 'CentOS mailing list' Onderwerp: Re: [CentOS] attack > -Original Message- > From: centos-boun...@centos.org > [mailto:centos-boun...@centos.org] On Behalf Of Manu Verhaegen > Sent: Thursday, December 24, 2009 7:04 AM > To: Cent

Re: [CentOS] attack

2009-12-24 Thread Karanbir Singh
Hello On 12/24/2009 12:01 PM, Manu Verhaegen wrote: > We have plesk running, i have running logwatch and i have found a IP adress. > I have add it in the IP table to block it then the attack is solved. > We see a lot of outgouing emails a php script is used for sending many emails > possible stor

Re: [CentOS] attack

2009-12-24 Thread Thomas Dukes
> -Original Message- > From: centos-boun...@centos.org > [mailto:centos-boun...@centos.org] On Behalf Of Manu Verhaegen > Sent: Thursday, December 24, 2009 7:04 AM > To: CentOS mailing list > Subject: Re: [CentOS] attack > > at the moment everiting is solved i

Re: [CentOS] attack

2009-12-24 Thread Manu Verhaegen
inal Message-- >From: Manu Verhaegen >Sender: centos-boun...@centos.org >To: centos@centos.org >ReplyTo: CentOS mailing list >Subject: [CentOS] attack >Sent: Dec 24, 2009 6:31 PM > >Hi, > >My server is under attack allows the attacker to abuse of a php

Re: [CentOS] attack

2009-12-24 Thread Manu Verhaegen
zonden: donderdag 24 december 2009 12:45 Aan: CentOS mailing list Onderwerp: Re: [CentOS] attack On Thu, 2009-12-24 at 11:31 +, Manu Verhaegen wrote: > Hi, > > My server is under attack allows the attacker to abuse of a php script of a > vhost. How can I find what is the script. > &

Re: [CentOS] attack

2009-12-24 Thread david
...@centos.org To: centos@centos.org ReplyTo: CentOS mailing list Subject: [CentOS] attack Sent: Dec 24, 2009 6:31 PM Hi, My server is under attack allows the attacker to abuse of a php script of a vhost. How can I find what is the script. Regards, maverh

Re: [CentOS] attack

2009-12-24 Thread Pete
On Thu, 2009-12-24 at 11:31 +, Manu Verhaegen wrote: > Hi, > > My server is under attack allows the attacker to abuse of a php script of a > vhost. How can I find what is the script. > > Regards, > maverh Hi Maverh, I know this may sound like a silly question but how do you know your ser

Re: [CentOS] attack

2009-12-24 Thread Tim Ke
Anything from the accesslogs? 2009/12/24 Manu Verhaegen > Hi, > > My server is under attack allows the attacker to abuse of a php script of a > vhost. How can I find what is the script. > > Regards, > maverh > > > > > > > ___ > CentOS mailing list > C

Re: [CentOS] attack

2009-12-24 Thread John Doe
From: Manu Verhaegen > My server is under attack allows the attacker to abuse of a php script of a > vhost. How can I find what is the script. Could you be more specific...? Anything in the log files? JD ___ CentOS mailing list CentOS@centos.

[CentOS] attack

2009-12-24 Thread Manu Verhaegen
Hi, My server is under attack allows the attacker to abuse of a php script of a vhost. How can I find what is the script. Regards, maverh ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos