• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Please beaware of a breaking change in the REST API on the next Plesk release (18.0.62).
    Starting from Plesk Obsidian 18.0.62, requests to REST API containing the Content-Type header with a media-type directive other than “application/json” will result in the HTTP “415 Unsupported Media Type” client error response code. Read more here

strange behavior after updates

A

ArmandoC

New Pleskian
hi, i have a centos 6.4 with plesk installed. same days ago i have updated plesk to 11.5.30 and the os with yum update.
After these actions my server have been strange behavior

1 - i have received an email from watchdog that informing me that th server may be infected; in particular there were some warnings such as:
[01:00:49] Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: a /usr/bin/perl -w script text executable
[01:01:04] /sbin/ifdown [ Warning ]
[01:01:04] Warning: The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable .....

2 - in log access i noticed that there are, every 5 minutes, an access to my server from my server, like this:
IP.IP.IP.IP - - [18/Aug/2013:04:16:48 +0200] "GET / HTTP/1.1" 200 915 "-" "-"

3 - in message log i have noticed a lot entry like this:
Aug 15 12:04:06 myServer xinetd[1738]: START: smtp pid=13530 from=::ffff:207.5.160.250

Can you help me to understand what has happened?

thanks
 
Last edited:
ok, but what are all the entries
IP.IP.IP.IP - - [18/Aug/2013:04:16:48 +0200] "GET / HTTP/1.1" 200 915 "-" "-"
every 5 minutes in log file?
 
ArmandoC said:
ok, but what are all the entries
IP.IP.IP.IP - - [18/Aug/2013:04:16:48 +0200] "GET / HTTP/1.1" 200 915 "-" "-"
every 5 minutes in log file?
Click to expand...

Need more details. What is this log file? What is this IP address? What is full related message from this log?
 
IgorG said:
Need more details. What is this log file? What is this IP address? What is full related message from this log?
Click to expand...

the log file is the access_log
ip address is the address of my server

it's like you were connected to my server from my server
 
access_log of one of your site what is hosted on your Plesk server?
 
If I correctly understood it is default site for server IP address? In this case it is watchdog issue. Watchdog connects to server IP on port 80 each 300 sec for checking Apache status. This site assigned as default on this IP. Therefore records about connections of watchdog writes in site access_log.
 
IgorG said:
If I correctly understood it is default site for server IP address? In this case it is watchdog issue. Watchdog connects to server IP on port 80 each 300 sec for checking Apache status. This site assigned as default on this IP. Therefore records about connections of watchdog writes in site access_log.
Click to expand...

Yes, is the default site for server ip....I can now feel comfortable
perfect, thank you very much
 
You must log in or register to reply here.

Similar threads

I
Resolved Mariadb does not start when upgrading plesk to 18.0.58 Update 1
Replies
2
Views
744
ivanes82
I
K
Issue Docker containers don't start after plesk/extension upgrades
Replies
0
Views
843
kassi
K
GDuck24
Issue 18.0.59 (Update #2) failing to update to 18.0.60
Replies
5
Views
690
VNick
V
D
Issue logrotate service fail, plesk-ext-monitoring-hcd.service
Replies
2
Views
454
daniellee100
D
A
Issue Problems with fail2ban
Replies
1
Views
257
Kaspar@Plesk
Kaspar@Plesk
Back
Top