Atomicorp

It was in an old post I read here a few weeks ago. Can't remeber if it was you who replied but it said something along the lines of you use it here and there were 2 other options you turn on as well. Anyways, I'll give it another try. Thanks.

Do I need to set the right permission on that file because it would be owned by root now. Integrity checksum changed for: `/var/ossec/etc/decoder.xmlSize changed from `97114` to `97144Ownership was `0`, now it is `10001Group ownership was `0`, now it is `505What changed708c70< <program_name>^pop3d|^...

Done. Do I need to set any options in that file or in the gui? Will it stop the login attempts for mail or ftp?

Ah ha! It's working now. Cool Thanks smonteiro. A question. Do I need to run fcgi if I'm using fpm now? Could I uninstall the fcgi module from plesk alltogether or turn off the apache module in plesk if I wanted to?

Sorry, yes it has a time stamp and allthe rest of it. -pop3d: Disconnected, ip=[::ffff:87.103.211.11] Oct 12 03:45:50 server courier-pop3d: LOGIN FAILED, user=admin, ip=[::ffff:87.103.211.11] Oct 12 03:45:50 server courier-pop3d: authentication error: Input/output error Oct 12 03:45:50 server courie...

Bling!
[root@www ~]# rpm -qf /etc/init.d/php-fpm
error: file /etc/init.d/php-fpm: No such file or directory

I was just having the same prob with my centOS 5. It wouldn't let me uninstall it with yum either and was spitting out errors about a script or something. I had to remove it with rpm --noscipts. Reinstalled it and more errors. Can't start the service, says unrecognised. Same thing in plesk too. How ...

When I enable MODSEC_00_RBL it blocks all traffic to the server and logs all IP's as spam listed. Am I doing something wrong? I looked in the wiki and it said MODSEC_00_RBL should be on,along with some associated rules.

Ok thanks, so I'm going to do this with --exclude-dir=^/var/clamav/ included to stop the false positives. I guess the --exclude-dir=^/var/www/vhosts/.*/statistics/logs/ means scan everything under that dir except /statistics/logs/ ? nice -n 20 ionice -c 3 clamscan --exclude-dir=^/var/clamav/ --exclu...

I think that was it. I ran that command and it found about 10 false alarms: /var/clamav/ASL-securiteinfohtml.hdb: Atomicorp.Linux.Suspicious.Code.2011121313401.UNOFFICIAL FOUND /var/clamav/ASL-securiteinfoelf.hdb: Atomicorp.Linux.Suspicious.Code.2011121313401.UNOFFICIAL FOUND /var/clamav/ASL-securit...

Nothing shows up in the asl gui about it, only in the http access logs.

No http. It requests random pages from my domains. Like someone is searching from those 2 servers or something. Banning the the server IP's does nothing. Still says it's coming from the same place. I did have someone or something trying to brute force my email server the other day for about 2 hours ...

Hi peeps. I keep getting this crap in my access logs with clamscan so I banned the ip address of the blekko.com server and now I get this as well, ASL.SpamDomain.erolove.in.UNOFFICIAL FOUND and ASL.MalwareBlacklist.blekkoz.com.UNOFFICIAL FOUND. I tried to ban the IPs of the servers but it had no aff...

You can also goolge "plesk can't delete domains". There should be an answer.

You can go into the psa database and delete them manually. There is a table in there that holds all the domain info. That will/should work. You should probably upgrade plesk too. It's at version 11. blah.blah now. The plesk forums should help you too. Plesk will come in there and fix it for you if y...