• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

strange behavior after updates

A

ArmandoC

New Pleskian
hi, i have a centos 6.4 with plesk installed. same days ago i have updated plesk to 11.5.30 and the os with yum update.
After these actions my server have been strange behavior

1 - i have received an email from watchdog that informing me that th server may be infected; in particular there were some warnings such as:
[01:00:49] Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: a /usr/bin/perl -w script text executable
[01:01:04] /sbin/ifdown [ Warning ]
[01:01:04] Warning: The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable .....

2 - in log access i noticed that there are, every 5 minutes, an access to my server from my server, like this:
IP.IP.IP.IP - - [18/Aug/2013:04:16:48 +0200] "GET / HTTP/1.1" 200 915 "-" "-"

3 - in message log i have noticed a lot entry like this:
Aug 15 12:04:06 myServer xinetd[1738]: START: smtp pid=13530 from=::ffff:207.5.160.250

Can you help me to understand what has happened?

thanks
 
Last edited:
ok, but what are all the entries
IP.IP.IP.IP - - [18/Aug/2013:04:16:48 +0200] "GET / HTTP/1.1" 200 915 "-" "-"
every 5 minutes in log file?
 
ArmandoC said:
ok, but what are all the entries
IP.IP.IP.IP - - [18/Aug/2013:04:16:48 +0200] "GET / HTTP/1.1" 200 915 "-" "-"
every 5 minutes in log file?
Click to expand...

Need more details. What is this log file? What is this IP address? What is full related message from this log?
 
IgorG said:
Need more details. What is this log file? What is this IP address? What is full related message from this log?
Click to expand...

the log file is the access_log
ip address is the address of my server

it's like you were connected to my server from my server
 
access_log of one of your site what is hosted on your Plesk server?
 
If I correctly understood it is default site for server IP address? In this case it is watchdog issue. Watchdog connects to server IP on port 80 each 300 sec for checking Apache status. This site assigned as default on this IP. Therefore records about connections of watchdog writes in site access_log.
 
IgorG said:
If I correctly understood it is default site for server IP address? In this case it is watchdog issue. Watchdog connects to server IP on port 80 each 300 sec for checking Apache status. This site assigned as default on this IP. Therefore records about connections of watchdog writes in site access_log.
Click to expand...

Yes, is the default site for server ip....I can now feel comfortable
perfect, thank you very much
 
You must log in or register to reply here.

Similar threads

abanico
Resolved Error updating packages
Replies
11
Views
1K
marlon006
M
P
Question Drupal CMS 1.0 with Plesk: Composer PATH issue for automatic updates
Replies
7
Views
1K
horvan
H
I
Resolved Mariadb does not start when upgrading plesk to 18.0.58 Update 1
Replies
2
Views
2K
ivanes82
I
K
Issue Docker containers don't start after plesk/extension upgrades
Replies
0
Views
2K
kassi
K
GDuck24
Issue 18.0.59 (Update #2) failing to update to 18.0.60
Replies
5
Views
2K
VNick
V
Back
Top