loosain
asked on
plesk-server was infected
Hello!
Our webserver with plesk was infected by a "runforestrun"-script. After removing this script within the index.htm(l)-files the website was running fine. After a while we encountered same problem at another vhost. Some weeks later again at another domain.
We didn't find any evidence in any log-file. So we are screwed.
Are there any watchers that can tell us who/when and how the intrusion will be made?
After that we can close the door that causes this problem.
Plesk was updated to the latest version after frirst attack. No passwords where changed after that. After all there might be a bad script we can't find.
So, any suggestions?
Thanks a lot
Jens
Our webserver with plesk was infected by a "runforestrun"-script. After removing this script within the index.htm(l)-files the website was running fine. After a while we encountered same problem at another vhost. Some weeks later again at another domain.
We didn't find any evidence in any log-file. So we are screwed.
Are there any watchers that can tell us who/when and how the intrusion will be made?
After that we can close the door that causes this problem.
Plesk was updated to the latest version after frirst attack. No passwords where changed after that. After all there might be a bad script we can't find.
So, any suggestions?
Thanks a lot
Jens
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
We updated plesk and changed passwords.