Thanks for all of the useful content that is already out there!
I have just recieved an email forwarded from my ISP, regarding a box I am hosting which is running ISP Config 2. The focus of the email was as follows:
We have detected an attack attempt from an IP address of your responsibility (xxx.xxx.xxx.xxx) !
Timestamp: 2011-04-13 04:55:36 (GMT)
Alert: COSED [CSG-GOP-007] WEB_SERVER Possible Usage of MYSQL Comments in URI for SQL Injection
Source: 220.127.116.11 (46684)
Destination: 18.104.22.168 (80)
GET /modules/noticias/article.php?storyid=408'/**/And/**/(SELECT/**/1)='2 HTTP/1.1
Connection: TE, close
It appears that one of the sites on my box has been compromised. I am interested in trying to find ways to identify which site it is that has been compromised. Can anyone please suggest any methods which I can use to do this?