plesk-server was infected

Posted on 2012-08-24
Last Modified: 2012-09-11

Our webserver with plesk was infected by a "runforestrun"-script. After removing this script within the index.htm(l)-files the website was running fine. After a while we encountered same problem at another vhost. Some weeks later again at another domain.

We didn't find any evidence in any log-file. So we are screwed.
Are there any watchers that can tell us who/when and how the intrusion will be made?
After that we can close the door that causes this problem.

Plesk was updated to the latest version after frirst attack. No passwords where changed after that. After all there might be a bad script we can't find.

So, any suggestions?
Thanks a lot
Question by:loosain
    LVL 4

    Accepted Solution

    "when" should be easy. See a date and time infected files were modified.

    This could help you look into log files to check "who".

    Author Closing Comment

    Thanks for your help.
    We updated plesk and changed passwords.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    Suggested Solutions

    Title # Comments Views Activity
    URL redirect 4 43
    How to analyze web traffic logs 10 74
    Apache SSL and mod_rewrite not working 8 82
    AWS Advice on using WHM/cPanel 1 37
    If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
    Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
    Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now