1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Plesk css file has hack code sending emails. How do you see number of emails sent?

Discussion in 'Plesk for Linux - 8.x and Older' started by BernieH, Jan 31, 2011.

  1. BernieH

    BernieH Guest

    We have encountered hackers placing a email sending program within the css folder of Plesk. Have you run into this problem before and if so do you have any idea of how they get the file placed within the Plesk files for the given URL? Also do you know of any way to see a report of the number of emails being sent from a specific URL or all URL's on our server? Thank you in advance for answering these questions. God Bless, Bernie
  2. prowler318

    prowler318 Guest

    I would consider the following:

    Not neccesarily done in this order but you get the point.

    1. Check your firewall (if you have any for ports that may be open and not needed)
    2. Secure your directory structure by chmod things. Giving the correct permissions.
    3. Running various rootkit scans and virus scans.
    4. Changing passwords to all accounts especially the admin for psa and the server root account.
    5. disable root access via ssh and use a separate account to login then sudo or su to things.
    6. Make sure your box is to date on packages running and uninstall things you don't need. (For example if it's a plesk server you have no reason to run open office on it.) Do not confuse backporting with packages not being the latest version if you're using a distro of linux that backports.

    Also check the /var/log folder and view any logs there for some insight.

    God bless you too!