• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Cron Daemon Emails

M

massofclay

Guest
A little back story. I have been placed in charge of a backup network solutions VPS that was recently responsible for sending out UDP attacks originating from an HTTP, the server was shut down. When it was brought back up, I cleared out every domain and site. A couple hours later the server started sending out Cron Daemon email with messages such as this.

ERROR: Dr.Web (R) Updater: remote host update.fr1.drweb.com closed connection variant () !
Dr.Web (R) update details:
Update server: http://update.fr1.drweb.com/unix/500
Update has begun at Tue Mar 13 17:00:05 2012
Update has finished at Tue Mar 13 17:01:20 2012

Following files has been updated:
/var/drweb/bases/drwtoday.vdb
/var/drweb/updates/timestamp


This happens every 30 minutes or so.
On top of that I got this message over the weekend.


nsProtect Safe service for http://****.com
Term: 2 year(s)
Expiration Date: 2014-06-05

nsProtectâ„¢ Safe reported the following at Mon Mar 12 01:11:53 EDT 2012:

From monitoring location at Herndon, VA USA,
site is DOWN


I replaced the domain with "*". Odd thing is, that domain doesn't even belong to this company anymore.

I am not a server admin so most of this is pretty foreign, actually all of this is pretty foreign. I have done a couple of days worth of research so I am aware that cron is an antivirus, but other than that I don't get why this is happening and if it means the earlier intrusion did more than get on an http.

Any suggestions would be great,

Clay
 
Back
Top