Have you tried MySQLTuner yet? It's free and it makes optimizing your MySQL server easier than ever!

« Stopping Double Bounces in Plesk
Disable SSLv2 and Weak Ciphers in Postfix »
06 03 2007

Finding compromised scripts

Posted by: major in Plesk, Security, Web

If your server is sending out spam because of some bad scripts, hunt that stuff down:

grep POST /var/log/httpd/access_log | awk '{ print $7 }' | sort | uniq -c | sort -rn

Or on Plesk:

grep POST /home/httpd/vhosts/*/statistics/logs/access_log | awk '{ print $7 }' | sort | uniq -c | sort -rn

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • bodytext
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google
  • Reddit
  • Slashdot
  • StumbleUpon
  • Technorati
  • TwitThis

This entry was posted on Tuesday, March 6th, 2007 at 12:41 pm and is filed under Plesk, Security, Web.You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Finding compromised scripts”
  1. ZaNaToS says: October 26th, 2007 at 7:29 am

    Hello,

    I did run the second command
    and I see a very big list like this:

    76954 /yshout/yshout.php
    2522 /eshop/index.php?target=lh_visitor
    439 /forum/mgc_chatbox.php

    what should I do with these?

Leave a Reply

You must be logged in to post a comment. Login »