Results 1 to 10 of 10
Thread: Possible security attack?
-
10-24-2009, 04:49 AM #1Junior Guru
- Join Date
- Mar 2007
- Posts
- 239
Possible security attack?
Hi guys,
I have just migrated to a new plesk server and upon checking the error logs I can see thousands of entries like so:
Code:[Sat Oct 24 08:44:46 2009] [error] [client 208.43.250.67] script '/var/www/vhosts/default/htdocs/check.php' not found or unable to stat [Sat Oct 24 08:44:58 2009] [error] [client 208.43.250.67] script '/var/www/vhosts/default/htdocs/check.php' not found or unable to stat [Sat Oct 24 08:45:05 2009] [error] [client 208.43.250.67] script '/var/www/vhosts/default/htdocs/check.php' not found or unable to stat [Sat Oct 24 08:45:11 2009] [error] [client 174.120.159.132] script '/var/www/vhosts/default/htdocs/check.php' not found or unable to stat [Sat Oct 24 08:45:17 2009] [error] [client 208.109.234.197] script '/var/www/vhosts/default/htdocs/check.php' not found or unable to stat
-
10-24-2009, 05:19 AM #2Junior Guru Wannabe
- Join Date
- Aug 2009
- Posts
- 50
such pattern could mean - just maybe - this is a proxy "check.php" that have been advertised somewhere but actually it doesn't exist in this location .
-
10-24-2009, 05:25 AM #3Junior Guru
- Join Date
- Mar 2007
- Posts
- 239
How can I find where this was advertised? Im guessing its a plesk related file? I just did a search on the server for 'check.php' and it came back with the following matches:
Code:/usr/local/psa/var/cgitory/TUTOS-1.88-38/htdocs/php/check.php /usr/local/psa/var/cgitory/WebShopmanager-2.0-31/htdocs/admin/check.php /usr/local/psa/var/cgitory/geeklog-1.4.1-3/htdocs/public_html/admin/install/check.php /usr/local/psa/var/cgitory/phpAds-2.0.8-35/htdocs/misc/revisions/check.php
-
10-24-2009, 05:33 AM #4Junior Guru Wannabe
- Join Date
- Aug 2009
- Posts
- 50
if this is plesk
what is the default domain name, ip using : /var/www/vhosts/default/htdocs ?
-
10-24-2009, 05:38 AM #5Junior Guru
- Join Date
- Mar 2007
- Posts
- 239
Yes this is a plesk server. I have 3 IP's. 1 main IP and 2 failover (aliases).
How do I check what the default domain is using?
-
10-24-2009, 05:44 AM #6Junior Guru
- Join Date
- Mar 2007
- Posts
- 239
I just found where I can set the default domain on an IP address. It was preselected with mydomain.com. So I selected "None" instead and the error has gone. How can I display my default domain on the IP without getting those errors?
I guess I need to change the default path somewhere?
-
10-24-2009, 05:46 AM #7Junior Guru
- Join Date
- Mar 2007
- Posts
- 239
Actually, just rechecked and the error is still occuring, weird!!
-
10-24-2009, 05:51 AM #8Junior Guru Wannabe
- Join Date
- Aug 2009
- Posts
- 50
pm me the ips I can check it for you
-
10-24-2009, 05:56 AM #9Junior Guru
- Join Date
- Mar 2007
- Posts
- 239
-
10-24-2009, 06:33 AM #10Junior Guru Wannabe
- Join Date
- Aug 2009
- Posts
- 50
ips are clean , maybe its just vulnerability scanners .
Similar Threads
-
Need Hosting With security from DDOS attack
By anybody in forum Web HostingReplies: 29Last Post: 06-15-2007, 01:51 PM -
attack from mod security?
By The Blind Can See in forum Hosting Security and TechnologyReplies: 2Last Post: 09-11-2006, 12:42 PM -
Shop Grenade attack kills 4, injures 20. Looks like a religious attack or...
By Critic in forum Web Hosting LoungeReplies: 14Last Post: 11-22-2003, 05:40 AM -
Website attack - Need host that can protect against attack
By dysfirkin in forum Web HostingReplies: 8Last Post: 11-13-2003, 10:14 PM -
Security: Linux anit-virus + extra security on top of Bastille
By Tazzman in forum Hosting Security and TechnologyReplies: 7Last Post: 02-01-2003, 03:00 PM