Compromised Host

acecjh (Junior Member), 13th April 2011, 17:13

Hello everyone!

Thanks for all of the useful content that is already out there!

I have just received an email forwarded from my ISP, regarding a box I am hosting which is running ISPConfig 2. The focus of the email was as follows:

__
Dear Administrator(s),

We have detected an attack attempt from an IP address of your responsibility (xxx.xxx.xxx.xxx) !

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Sample:
Timestamp: 2011-04-13 04:55:36 (GMT)
Alert: COSED [CSG-GOP-007] WEB_SERVER Possible Usage of MYSQL Comments in URI for SQL Injection
Source: 194.28.139.111 (46684)
Destination: 200.189.113.212 (80)
Content:
GET /modules/noticias/article.php?storyid=408'/**/And/**/(SELECT/**/1)='2 HTTP/1.1
TE: deflate,gzip;q=0.3
Connection: TE, close
Host: www.cultura.pr.gov.br
User-Agent: libwww-perl/5.834
__

It appears that one of the sites on my box has been compromised. I am interested in trying to find ways to identify which site it is that has been compromised. Can anyone please suggest any methods which I can use to do this?

Many thanks,

Chris
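
Added example, not part of the original post: a parser for the alert sample quoted in the abuse notice, pulling out the fields that can be matched against the server's own logs (time, source port, destination, User-Agent) and checking the URI for the MySQL-comment pattern the alert names. The function names and the `utc_offset_hours` parameter are assumptions for illustration; set the offset to the server's own time zone.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, unquote

# Alert sample copied from the abuse notice quoted in the post.
ALERT = """\
Timestamp: 2011-04-13 04:55:36 (GMT)
Alert: COSED [CSG-GOP-007] WEB_SERVER Possible Usage of MYSQL Comments in URI for SQL Injection
Source: 194.28.139.111 (46684)
Destination: 200.189.113.212 (80)
Content:
GET /modules/noticias/article.php?storyid=408'/**/And/**/(SELECT/**/1)='2 HTTP/1.1
TE: deflate,gzip;q=0.3
Connection: TE, close
Host: www.cultura.pr.gov.br
User-Agent: libwww-perl/5.834
"""

ENDPOINT = re.compile(r"(\S+) \((\d+)\)")   # "ip (port)"
MYSQL_COMMENT = re.compile(r"/\*.*?\*/")    # inline comment standing in for a space

def _endpoint(value):
    ip, port = ENDPOINT.fullmatch(value).groups()
    return ip, int(port)

def parse_alert(text):
    """Split the notice into alert fields and the captured HTTP request."""
    meta, _, request = text.partition("Content:\n")
    fields = dict(l.split(": ", 1) for l in meta.splitlines() if ": " in l)
    request_line, *header_lines = request.strip().splitlines()
    method, rest = request_line.split(" ", 1)
    return {
        "time_utc": datetime.strptime(fields["Timestamp"], "%Y-%m-%d %H:%M:%S (GMT)")
                            .replace(tzinfo=timezone.utc),
        "source": _endpoint(fields["Source"]),
        "destination": _endpoint(fields["Destination"]),
        "method": method,
        "uri": rest.rsplit(" ", 1)[0],          # drop the trailing HTTP version
        "headers": dict(h.split(": ", 1) for h in header_lines),
    }

def uses_mysql_comment(uri):
    """True if the URL-decoded query string contains a /*...*/ comment."""
    return bool(MYSQL_COMMENT.search(unquote(urlsplit(uri).query)))

def local_search_window(alert, utc_offset_hours, slack_seconds=60):
    """Alert time converted to the server's clock, widened by some slack."""
    local = alert["time_utc"].astimezone(timezone(timedelta(hours=utc_offset_hours)))
    slack = timedelta(seconds=slack_seconds)
    return local - slack, local + slack
```

The returned window, source port and destination address are the values to look for in whatever connection or process logging the server keeps for that time.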
All times are GMT +2.