Racker Hacker

Words of wisdom from a server administrator

Have you tried MySQLTuner yet? It's free and it makes optimizing your MySQL server easier than ever!

06 03 2007

Finding compromised scripts

Posted by: major in Plesk, Security, Web

If your server is sending out spam because of some bad scripts, hunt that stuff down:

grep POST /var/log/httpd/access_log | awk '{ print $7 }' | sort | uniq -c | sort -rn

Or on Plesk:

grep POST /home/httpd/vhosts/*/statistics/logs/access_log | awk '{ print $7 }' | sort | uniq -c | sort -rn

Share and Enjoy:

This entry was posted on Tuesday, March 6th, 2007 at 12:41 pm and is filed under Plesk, Security, Web.You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Finding compromised scripts”

ZaNaToS says: October 26th, 2007 at 7:29 am

Hello,

I did run the second command
and I see a very big list like this:

76954 /yshout/yshout.php
2522 /eshop/index.php?target=lh_visitor
439 /forum/mgc_chatbox.php

what should I do with these?

Leave a Reply

You must be logged in to post a comment. Login »

Search
Links
Twitter Feed
- Traffic was fairly light in San Antonio this morning. I guess many folks are making this a four day weekend. about 2 hours ago from twitterrific
- @Racker121 Oh yeah, I get my hips moving. about 12 hours ago from twitterrific
- Good gosh. Spent two blocks of 30 minutes on the WiiFit tonight and I am exhausted. Thanks @Racker121! about 13 hours ago from twitterrific
- @marz8 I'm not a big chorizo fan, but potato/egg is nifty. 09:48:28 AM August 28, 2008 from twitterrific
- @alexbellinger Our techs in the UK really like them when they come over to visit. Seems like a good business to open in UK! :-) 09:48:05 AM August 28, 2008 from twitterrific
- My bean and cheese taco helped to kickstart my morning. Woot. 09:28:42 AM August 28, 2008 from twitterrific
- @thebarkingdog Popeye's for breakfast? 08:52:39 AM August 28, 2008 from twitterrific
- @mike_chavez Go get some Nicavid's. :-) 12:24:43 PM August 27, 2008 from twitterrific
- Waitin' for my carpool buddies... 06:41:01 AM August 27, 2008 from twitterrific
- @jkoelker I only like Brokaw when he is being impersonated on SNL. 10:32:57 PM August 26, 2008 from twitterrific
Categories
- Command Line (58)
- Database (76)
- Development (33)
- Emergency (14)
- FTP (8)
- Fun (13)
- General Advice (3)
- Just Talk (1)
- Kernel Panics (5)
- Mail (61)
- Plesk (74)
- Posts In Progress (2)
- Screencasts (1)
- Security (51)
- Web (56)
Blogroll
Popular Posts
Random Posts
Archives
- August 2008 (4)
- July 2008 (7)
- June 2008 (14)
- May 2008 (5)
- April 2008 (10)
- March 2008 (8)
- February 2008 (7)
- January 2008 (27)
- December 2007 (6)
- November 2007 (17)
- October 2007 (13)
- September 2007 (18)
- August 2007 (34)
- July 2007 (16)
- June 2007 (13)
- May 2007 (20)
- April 2007 (16)
- March 2007 (17)
- February 2007 (21)
- January 2007 (19)
- December 2006 (9)

Powered by WordPress, Mandigo theme by tom.
Entries (RSS) and Comments (RSS).
29 queries. 1.051 seconds.

Racker Hacker

Words of wisdom from a server administrator

Finding compromised scripts

Search

Links

Twitter Feed

Categories

Blogroll

Popular Posts

Random Posts

Archives