hi, i have a centos 6.4 with plesk installed. same days ago i have updated plesk to 11.5.30 and the os with yum update.
After these actions my server have been strange behavior
1 - i have received an email from watchdog that informing me that th server may be infected; in particular there were some warnings such as:
[01:00:49] Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: a /usr/bin/perl -w script text executable
[01:01:04] /sbin/ifdown [ Warning ]
[01:01:04] Warning: The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable .....
2 - in log access i noticed that there are, every 5 minutes, an access to my server from my server, like this:
IP.IP.IP.IP - - [18/Aug/2013:04:16:48 +0200] "GET / HTTP/1.1" 200 915 "-" "-"
3 - in message log i have noticed a lot entry like this:
Aug 15 12:04:06 myServer xinetd[1738]: START: smtp pid=13530 from=::ffff:207.5.160.250
Can you help me to understand what has happened?
thanks
After these actions my server have been strange behavior
1 - i have received an email from watchdog that informing me that th server may be infected; in particular there were some warnings such as:
[01:00:49] Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: a /usr/bin/perl -w script text executable
[01:01:04] /sbin/ifdown [ Warning ]
[01:01:04] Warning: The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable .....
2 - in log access i noticed that there are, every 5 minutes, an access to my server from my server, like this:
IP.IP.IP.IP - - [18/Aug/2013:04:16:48 +0200] "GET / HTTP/1.1" 200 915 "-" "-"
3 - in message log i have noticed a lot entry like this:
Aug 15 12:04:06 myServer xinetd[1738]: START: smtp pid=13530 from=::ffff:207.5.160.250
Can you help me to understand what has happened?
thanks
Last edited: