
warn-phpd permission denied

Posted: Thu Jul 05, 2012 6:13 pm
by nobody
Hello guys. I got this from OSSEC and I have no idea what's going on. Mod evasive didn't block it and I don't even get what it's trying to accomplish, to be honest... This site is probably an old version of cs cart...

Received From: plesk->/var/log/httpd/error_log
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):

[Thu Jul 05 21:41:23 2012] [warn-phpd] mmap cache can't open /var/www/vhosts/somedomain.org/httpdocs/var/compiled/mail/%%B2^B27^B27F06E6%%order_notification_subj.tpl.php - Permission denied (pid 19211)


[Thu Jul 05 21:41:23 2012] [warn-phpd] mmap cache can't open /var/www/vhosts/somedomain.org/httpdocs/var/compiled/mail/%%5A^5AF^5AFE5E7B%%order_notification.tpl.php - Permission denied (pid 19211)

Re: warn-phpd permission denied

Posted: Fri Jul 06, 2012 4:59 pm
by mikeshinn
That doesn't look like an attack, that looks like a misconfiguration. This:
mmap cache can't open /var/www/vhosts/somedomain.org/httpdocs/var/compiled/mail/%%B2^B27^B27F06E6%%order_notification_subj.tpl.php - Permission denied (pid 19211)
Looks like the domain is set up to generate php opcode and to store it in the subdirectory /var/compiled/mail/, and it can't open the compiled opcode in that directory. Are the permissions on that directory set up to allow your webserver to read (and probably also write) to/from that directory?

Re: warn-phpd permission denied

Posted: Sat Jul 14, 2012 3:04 am
by nobody
mikeshinn wrote: That doesn't look like an attack, that looks like a misconfiguration. This:
mmap cache can't open /var/www/vhosts/somedomain.org/httpdocs/var/compiled/mail/%%B2^B27^B27F06E6%%order_notification_subj.tpl.php - Permission denied (pid 19211)
Looks like the domain is set up to generate php opcode and to store it in the subdirectory /var/compiled/mail/, and it can't open the compiled opcode in that directory. Are the permissions on that directory set up to allow your webserver to read (and probably also write) to/from that directory?

Changed it to 755. Probably it was a permissions issue ...
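
The permission check asked about in this thread, as an added example that is not part of any original post: it walks every directory on the way to a path and reports the first one whose mode bits would stop a given user. The function name, its parameters and the temporary directory tree are assumptions made for illustration; ACLs, SELinux and root's override are not considered.

```python
import os
import stat

def first_blocker(path, uid, gids, need_write=False, root=os.sep):
    """Return (component, missing_bits) for the first component between root
    and path that uid/gids cannot use, or None if the whole chain is usable.
    Judged from classic mode bits only (no ACLs, no SELinux, no root override)."""
    root, path = os.path.abspath(root), os.path.abspath(path)
    chain = [root]
    for part in os.path.relpath(path, root).split(os.sep):
        if part != os.curdir:
            chain.append(os.path.join(chain[-1], part))
    for current in chain:
        st = os.stat(current)
        # Select the owner, group or other triplet that applies to this user.
        if st.st_uid == uid:
            bits = (st.st_mode >> 6) & 7
        elif st.st_gid in gids:
            bits = (st.st_mode >> 3) & 7
        else:
            bits = st.st_mode & 7
        if current != chain[-1]:
            need = 1  # parent directories only need search (x)
        else:
            need = 4 | (1 if stat.S_ISDIR(st.st_mode) else 0) | (2 if need_write else 0)
        missing = need & ~bits
        if missing:
            return current, "".join(c for c, b in zip("rwx", (4, 2, 1)) if missing & b)
    return None

if __name__ == "__main__":
    import tempfile
    # Constructed tree mirroring the var/compiled/mail layout from the log lines.
    base = tempfile.mkdtemp()
    mail = os.path.join(base, "var", "compiled", "mail")
    os.makedirs(mail)
    for d in (base, os.path.join(base, "var"), os.path.dirname(mail)):
        os.chmod(d, 0o755)
    other = os.stat(mail).st_uid + 1  # stand-in for the web server's uid
    for mode in (0o700, 0o755):
        os.chmod(mail, mode)
        print(oct(mode), first_blocker(mail, other, (), root=base))
```

On a real host, pass the web server account's uid and group ids and leave `root` at its default so that every parent directory up to `/` is checked.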