Dark Leach Virus

This root-level compromise seems to affect CentOS 5.x and Plesk versions earlier than 10.4. It affects Apache directly and requires a reinstallation. Slaving the original drive to migrate the files is acceptable, since the compromise affects the OS files themselves, but running clamscan is still highly recommended. To determine if a server has this compromise: Plesk [bash] fgrep ...

Troubleshoot Qmail Spam

Is the server sending spam? Try this: http://kb.parallels.com/766 First, check that all domains have the option ‘Mail to non-existing user’ set to ‘reject’ but not to ‘forward.’ You can change this setting for all domains using “Group Operations” in the “Domains” tab in Parallels Plesk Control Panel. The option “Reject mail to nonexistent user” is …

Qmail Wrapper

Use this method to track down any PHP scripts that might be sending email. http://kb.parallels.com/en/1711

1) Create a /var/qmail/bin/sendmail-wrapper script with the following content:

    #!/bin/sh
    (echo X-Additional-Header: $PWD ;cat) | tee -a /var/tmp/mail.send|/var/qmail/bin/sendmail-qmail "$@"

Note, it should be two lines including ‘#!/bin/sh’.

2) Create a log file /var/tmp/mail.send and grant it “a+rw” rights; make the …