C
Chris-M
Guest
I was wondering if someone could suggest how to identify where/what infected our server - all sites started intermittently redirecting to Malware sites which were trying to install viruses. I won't provide the exact URL's, but they were redirecting to URLs on goscanpark.com, neborin.info, and a few others.
We ran rkhunter and chkrootkit and everything came back clean, and we ran ClamAV and it didn't show up anything relevant.
The server is running:
CentOS 5
Plesk 8.3.0-cos5.build83071218.18
Apache 2.2.3-11.el5_1.centos.3
PHP 5.1.6-15.el5
As a workaround I disabled the exec() function in php.ini and restarted the web server which seems to have done the trick, but still don't know what caused it or if/when it will re-occur.
Any help is much appreciated, thanks.
Chris
We ran rkhunter and chkrootkit and everything came back clean, and we ran ClamAV and it didn't show up anything relevant.
The server is running:
CentOS 5
Plesk 8.3.0-cos5.build83071218.18
Apache 2.2.3-11.el5_1.centos.3
PHP 5.1.6-15.el5
As a workaround I disabled the exec() function in php.ini and restarted the web server which seems to have done the trick, but still don't know what caused it or if/when it will re-occur.
Any help is much appreciated, thanks.
Chris