• Dear Pleskians! The Plesk Forum will be undergoing scheduled maintenance on Monday, 7th of July, at 9:00 AM UTC. The expected maintenance window is 2 hours.
    Thank you in advance for your patience and understanding on the matter.

Temp folder hack

M

Magumo

Guest
Good day,

We had a few sites on php with 0777 permissions defaced with an religious extremist message . On further investigating, we discovered that the hack must have been achieved via the server /temp folder because in the temp folder there we numerous suspicious files added around the time of the hack.

I have deleted the hacked file, and restored. Now I want to know how to best avoid this in future?

Also how do I troubleshoot to narrow down on the hack?
 
Check your web and ftp logs for anything suspicious. I'd also recommend you check out mod_security as a first tier security control.
 
You must log in or register to reply here.

Similar threads

E
Issue Abnormal CPU usage and Apache crash
Replies
13
Views
5K
MartinT
M
M
Resolved Plesk restore from a ZIP after server failure.
Replies
0
Views
1K
mad_inventor
M
T
Forwarded to devs deletion of spam folder mails after 30 days not working
Replies
19
Views
5K
Sebahat.hadzhi
Sebahat.hadzhi
I
Question Problems with Email certificate renewal - seems linked to changes in SNI support
Replies
0
Views
3K
iainh
I
T
Issue After moving subscription, users receive message "Your subscription was removed", Cannot create new webspace.
Replies
2
Views
2K
thespark
T
Back
Top