[Last Call] Learn how to a build a cloud-first strategyRegister Now


plesk-server was infected

Posted on 2012-08-24
Medium Priority
Last Modified: 2012-09-11

Our webserver with plesk was infected by a "runforestrun"-script. After removing this script within the index.htm(l)-files the website was running fine. After a while we encountered same problem at another vhost. Some weeks later again at another domain.

We didn't find any evidence in any log-file. So we are screwed.
Are there any watchers that can tell us who/when and how the intrusion will be made?
After that we can close the door that causes this problem.

Plesk was updated to the latest version after frirst attack. No passwords where changed after that. After all there might be a bad script we can't find.

So, any suggestions?
Thanks a lot
Question by:loosain

Accepted Solution

NetExpert_pl earned 1000 total points
ID: 38330924
"when" should be easy. See a date and time infected files were modified.

This could help you look into log files to check "who".

Author Closing Comment

ID: 38386526
Thanks for your help.
We updated plesk and changed passwords.

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
Suggested Courses
Course of the Month18 days, 2 hours left to enroll

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question