• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

apache and tmp upload

M

MattYM@

New Pleskian
hi,

My brain is fried today, I have a website on my plesk server somewhere which is allowing someone to upload a perl script which is seen as a .txt file then try and execute it as the user apache. Earlier on I had loads of wget processes running downloading a page several times in an attempt to fill up my /tmp folder. I have no execute set on /tmp.

Is there an easy way to find out which site is being exploited?

Everything is owned and run by apache so tearing my hair out trying to track it down.

thanks

matt
 
Hello,

It's very hard to find to out the exact domain name OR user using is uploading the perl scripts /tmp directory due Apache user ownership. But I will suggest you please scan your whole server with the LMD scanner and delete all infected files from your server. May be there is a shell script present under your one of the domain and hacker is uploading the perl scripts through that script.
 
You must log in or register to reply here.

Similar threads

S
Apache does not apply .htaccess directives for certain files after migration through Plesk Migrator
Replies
2
Views
692
NewGate
N
Ming
Issue Passenger issue - boost::thread_resource_error: Resource temporarily unavailable
Replies
12
Views
4K
Ming
Ming
Dukemaster
Resolved Server down [Server Certificate/Apache Settings]
2
Replies
20
Views
5K
UFHH01
U
E
How to Set up Your WordPress Website Security
Replies
0
Views
2K
Elvis Plesky
E
V
Varnish for WordPress in a Docker container
Replies
5
Views
5K
Laurence@
Laurence@
Back
Top