Hi,
My server is under attack allows the attacker to abuse of a php script of a
vhost. How can I find what is the script.
Regards,
maverh
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
From: Manu Verhaegen
> My server is under attack allows the attacker to abuse of a php script of a
> vhost. How can I find what is the script.
Could you be more specific...?
Anything in the log files?
JD
___
CentOS mailing list
CentOS@centos.
Anything from the accesslogs?
2009/12/24 Manu Verhaegen
> Hi,
>
> My server is under attack allows the attacker to abuse of a php script of a
> vhost. How can I find what is the script.
>
> Regards,
> maverh
>
>
>
>
>
>
> ___
> CentOS mailing list
> C
On Thu, 2009-12-24 at 11:31 +, Manu Verhaegen wrote:
> Hi,
>
> My server is under attack allows the attacker to abuse of a php script of a
> vhost. How can I find what is the script.
>
> Regards,
> maverh
Hi Maverh,
I know this may sound like a silly question but how do you know your
ser
Triying find to what are users running on spacific command, you should using
top or ps or netstat please read the manual how to use it. After all and you
get some info unpluge your server from internet, see what log says.
--Original Message--
From: Manu Verhaegen
Sender: centos-boun...@c
Hi,
We have plesk running, i have running logwatch and i have found a IP adress.
I have add it in the IP table to block it then the attack is solved.
We see a lot of outgouing emails a php script is used for sending many emails
possible stored in the database.
I have use the following command
g
at the moment everiting is solved i have block the IP adress but i d'ont have
found the script
>- Oorspronkelijk bericht -
>Van
: da...@pnyet.web.id [mailto:da...@pnyet.web.id]
>Verzonden
: donderdag
, december
24, 2009 01:07 PM
>Aan
: 'CentOS mailing list'
>Onderwerp
: Re: [CentOS] att
> -Original Message-
> From: centos-boun...@centos.org
> [mailto:centos-boun...@centos.org] On Behalf Of Manu Verhaegen
> Sent: Thursday, December 24, 2009 7:04 AM
> To: CentOS mailing list
> Subject: Re: [CentOS] attack
>
> at the moment everiting is solved i have block the IP adress
On Thu, Dec 24, 2009 at 1:58 AM, hadi motamedi wrote:
> Thank you very much for your kind contineous support . At last , I have yum
> on my client .
Now please run a 'yum update' as you have several packages with known,
published security vulnerabilities including your kernel, and udev.
Doing t
Hello
On 12/24/2009 12:01 PM, Manu Verhaegen wrote:
> We have plesk running, i have running logwatch and i have found a IP adress.
> I have add it in the IP table to block it then the attack is solved.
> We see a lot of outgouing emails a php script is used for sending many emails
> possible stor
Hi,
i have Check my tmp directory and subdirectorys for std, udp.pl no file exist.
Also i have check /etc/passwd and /etc/shadow for unusual users.
regards
-Oorspronkelijk bericht-
Van: centos-boun...@centos.org [mailto:centos-boun...@centos.org] Namens Thomas
Dukes
Verzonden: donde
Barry Brimer wrote:
I tried for the other engaged rpm packages one-by-one . But at last , only
the following one remained as unresolved :
[r...@mss-1 tmp]# rpm -Uvh yum-fastestmirror-1.1.16-13.el5.centos.noarch.rpm
warning: yum-fastestmirror-1.1.16-13.el5.centos.noarch.rpm: Header V3 DSA
signatur
> Hi,
>
> i have Check my tmp directory and subdirectorys for std,
> udp.pl no file exist. Also i have check /etc/passwd and
> /etc/shadow for unusual users.
>
> regards
Manu,
forgive me if i missed it when i deleted several of the posts in the thread
yet how hard is it to check all the p
Obviously, if you are running several vhosts and plesk you likely have
other logs to check. Also, one can usually see the origin of the mail
injection in the maillog (e.g. complaints about setting to an unsafe
sender) or in the outgoing messages. At runtime you can see the connects
with full UR
On Thu, 24 Dec 2009, Rob Kampen wrote:
> Forgive me for thread stealing - lsb 3.1 is the current CentOS supported
> version.
> I have some postscript / cups / printer drivers that insist on lsb 3.2 -
> anyone know if this is possible?
> TIA Rob
This (LSB 3.2 -- last in the 3 series) is not re
Hi,
i ame checking this
thanks,
Manu
-Oorspronkelijk bericht-
Van: centos-boun...@centos.org [mailto:centos-boun...@centos.org] Namens Kai
Schaetzl
Verzonden: donderdag 24 december 2009 15:32
Aan: centos@centos.org
Onderwerp: Re: [CentOS] attack
Obviously, if you are running several
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
tdu...@sc.rr.com wrote:
>> mark
>
> We have been searching the internet since Tuesday.
>
> We have already tried installing a video card, that didn't work. The beeps
> at start up indicate to check the video ram. It will boot and run if we put
We've got a developer here who needs to use both java and openjdk. I was
giving her sudo for alternatives, but my manager would prefer that I look
into environment-modules. I've installed it, and I see it comes with
configurations for cvs and info... but nothing for java, and the man pages
doesn't
http://www.atomicorp.com/wiki/index.php/Atomic_Secured_Linux
Wraps a lot of "good stuff" together for a plesk web server on CentOS.
Won't help much if you are already compromised, but it would be a good
addition.
-Andy
On Thu, 2009-12-24 at 12:01 +, Manu Verhaegen wrote:
> Hi,
>
> We have
"Mike A. Harris" wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> tdu...@sc.rr.com wrote:
> >> mark
> >
> > We have been searching the internet since Tuesday.
> >
> > We have already tried installing a video card, that didn't work. The beeps
> > at start up indicate to
Hi,
I'm have a repo with many security tools.. if you can test... i'm upload a few
packages from fedora, other sources, and created by me..
http://flexbox.sourceforge.net/centos/5/i386/flexbox-release-1-1.noarch.rpm
Try to install sectool, and verify your system..
You can try to use fail2ban f
Mike A. Harris wrote:
>
> Linux didn't exist until 1991, so it would have been quite the feat to
> be running it in the 1980's indeed. ;o)
>
Nonsense. My time machine runs Linux.
-- Corey / KB1JWQ
Member, Bermuda Triangle Expeditionary Force, 2003-1944
___
m.r...@5-cent.us wrote:
> We've got a developer here who needs to use both java and openjdk. I was
> giving her sudo for alternatives, but my manager would prefer that I look
> into environment-modules. I've installed it, and I see it comes with
> configurations for cvs and info... but nothing for
> m.r...@5-cent.us wrote:
>> We've got a developer here who needs to use both java and openjdk. I was
>> giving her sudo for alternatives, but my manager would prefer that I
>> look into environment-modules. I've installed it, and I see it comes with
>> configurations for cvs and info... but nothin
m.r...@5-cent.us wrote:
>> if you put /usr/java/jdk-whatever/bin first in the path, you'll be using
>> the Sun java. if you take it out of the path, you will be using the
>> default distribution openjdk.
>>
>
> I'm trying to provide a simple method for switching between the two, and I
> don't
Hi, I don't know if that already exists somewhere ... I've written it
for me and wanted to share it with you.
It's minimal kvm shell for end users - it allows them to
start/stop/reboot their own kvm guests.
http://www.michael-kress.de/2009/12/kvm-shell/
kvm-shell should run on all platforms.
Have f
26 matches
Mail list logo
