Results 1 to 10 of 10
  1. #1
    Join Date
    Mar 2007
    Posts
    239

    Possible security attack?

    Hi guys,

    I have just migrated to a new plesk server and upon checking the error logs I can see thousands of entries like so:

    Code:
    [Sat Oct 24 08:44:46 2009] [error] [client 208.43.250.67] script '/var/www/vhosts/default/htdocs/check.php' not found or unable to stat
    [Sat Oct 24 08:44:58 2009] [error] [client 208.43.250.67] script '/var/www/vhosts/default/htdocs/check.php' not found or unable to stat
    [Sat Oct 24 08:45:05 2009] [error] [client 208.43.250.67] script '/var/www/vhosts/default/htdocs/check.php' not found or unable to stat
    [Sat Oct 24 08:45:11 2009] [error] [client 174.120.159.132] script '/var/www/vhosts/default/htdocs/check.php' not found or unable to stat
    [Sat Oct 24 08:45:17 2009] [error] [client 208.109.234.197] script '/var/www/vhosts/default/htdocs/check.php' not found or unable to stat
    Is this an attack on my server?

  2. #2
    Join Date
    Aug 2009
    Posts
    50
    such pattern could mean - just maybe - this is a proxy "check.php" that have been advertised somewhere but actually it doesn't exist in this location .

  3. #3
    Join Date
    Mar 2007
    Posts
    239
    Quote Originally Posted by rwxguru View Post
    such pattern could mean - just maybe - this is a proxy "check.php" that have been advertised somewhere but actually it doesn't exist in this location .
    How can I find where this was advertised? Im guessing its a plesk related file? I just did a search on the server for 'check.php' and it came back with the following matches:

    Code:
    /usr/local/psa/var/cgitory/TUTOS-1.88-38/htdocs/php/check.php
    /usr/local/psa/var/cgitory/WebShopmanager-2.0-31/htdocs/admin/check.php
    /usr/local/psa/var/cgitory/geeklog-1.4.1-3/htdocs/public_html/admin/install/check.php
    /usr/local/psa/var/cgitory/phpAds-2.0.8-35/htdocs/misc/revisions/check.php

  4. #4
    Join Date
    Aug 2009
    Posts
    50
    if this is plesk
    what is the default domain name, ip using : /var/www/vhosts/default/htdocs ?

  5. #5
    Join Date
    Mar 2007
    Posts
    239
    Yes this is a plesk server. I have 3 IP's. 1 main IP and 2 failover (aliases).

    How do I check what the default domain is using?

  6. #6
    Join Date
    Mar 2007
    Posts
    239
    I just found where I can set the default domain on an IP address. It was preselected with mydomain.com. So I selected "None" instead and the error has gone. How can I display my default domain on the IP without getting those errors?

    I guess I need to change the default path somewhere?

  7. #7
    Join Date
    Mar 2007
    Posts
    239
    Actually, just rechecked and the error is still occuring, weird!!

  8. #8
    Join Date
    Aug 2009
    Posts
    50
    pm me the ips I can check it for you

  9. #9
    Join Date
    Mar 2007
    Posts
    239
    Quote Originally Posted by rwxguru View Post
    pm me the ips I can check it for you
    Thank you!

  10. #10
    Join Date
    Aug 2009
    Posts
    50
    ips are clean , maybe its just vulnerability scanners .

Similar Threads

  1. Need Hosting With security from DDOS attack
    By anybody in forum Web Hosting
    Replies: 29
    Last Post: 06-15-2007, 01:51 PM
  2. attack from mod security?
    By The Blind Can See in forum Hosting Security and Technology
    Replies: 2
    Last Post: 09-11-2006, 12:42 PM
  3. Replies: 14
    Last Post: 11-22-2003, 05:40 AM
  4. Replies: 8
    Last Post: 11-13-2003, 10:14 PM
  5. Security: Linux anit-virus + extra security on top of Bastille
    By Tazzman in forum Hosting Security and Technology
    Replies: 7
    Last Post: 02-01-2003, 03:00 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •