13th April 2011, 18:13
acecjh
Compromised Host

Hello everyone!

Thanks for all of the useful content that is already out there!

I have just received an email forwarded from my ISP, regarding a box I am hosting which is running ISP Config 2. The focus of the email was as follows:

Dear Administrator(s),

We have detected an attack attempt from an IP address of your responsibility ( !


Timestamp: 2011-04-13 04:55:36 (GMT)
Alert: COSED [CSG-GOP-007] WEB_SERVER Possible Usage of MYSQL Comments in URI for SQL Injection
Source: (46684)
Destination: (80)
GET /modules/noticias/article.php?storyid=408'/**/And/**/(SELECT/**/1)='2 HTTP/1.1
TE: deflate,gzip;q=0.3
Connection: TE, close
User-Agent: libwww-perl/5.834

It appears that one of the sites on my box has been compromised. I am interested in trying to find ways to identify which site it is that has been compromised. Can anyone please suggest any methods which I can use to do this?

Many thanks,
