Hello!
I'm very new to using VPS and am on a steep learning curve! Everything was running fine until recently when I started getting attacks on my websites and when one went down, they all fell like dominoes. As you can imagine that's where my stress levels rocketed, especially when I don't really have an understanding of reading error logs/reports.
I have been given some help by a techie friend and made several changes to my wordpress sites to harden them. If any of you can help or guide me to help fix my areas, please be gentle with me!
The most recent reports which look like they might be bad news are as follows:
Code:
/var/log/exim_paniclog:
2015-11-07 00:03:45 1Zuqym-0003sR-4L malware acl condition: clamd: unable to connect to UNIX socket (/var/clamd): No such file or directory
/var/log/exim_paniclog:
2015-11-06 22:57:33 1Zupwk-0000XN-0M malware acl condition: clamd: unable to connect to UNIX socket (/var/clamd): No such file or directory
/usr/local/cpanel/logs/error_log:
[06-Nov-2015 22:00:08 UTC] PHP Warning: array_keys() expects parameter 1 to be array, null given in /usr/local/cpanel/whostmgr/docroot/cgi/srbl/black.php on line 32
Code:
PID: 1964 (Parent PID:1931)
Account: xxxxx
Uptime: 85513 seconds
Executable:
/usr/local/cpanel/3rdparty/perl/514/bin/perl
Command Line (often faked in exploits):
spamd child
Network connections by the process (if any):
tcp: 127.0.0.1:783 -> 0.0.0.0:0
tcp: 127.0.0.1:783 -> 127.0.0.1:57601
udp: xxx.xxx.xxx.xxx:35062 -> 8.8.8.8:53
tcp: xxx.xxx.xxx.xxx:47031 -> 208.83.137.115:2703
So am I doomed? Are these bad or fixable?
And I also often get a lot of Excessive processes notifications:
Code:
PID:15959 PPID:14231 Run Time:34(secs) Memory:239952(kb) exe:/usr/bin/php cmd:/usr/bin/php /home/xxx/public_html/index.php
When that e-mail comes through, that is sometimes when the whole server goes down.
Thank you in advance!
Help a damsel in distress!
Clare
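Added example, not part of the original post and not taken from any tool named in it: a short Python script that groups "Excessive processes" lines like the one quoted above by account and script, so the site generating the load stands out. The sample lines and the account names `siteone` and `sitetwo` are constructed, and the field layout is assumed to match the single line shown in the post.

```python
import re
from collections import defaultdict

# Constructed sample lines in the layout of the notification quoted in the post.
# Account names (siteone, sitetwo) and all numbers are made up.
SAMPLE = """\
PID:15959 PPID:14231 Run Time:34(secs) Memory:239952(kb) exe:/usr/bin/php cmd:/usr/bin/php /home/siteone/public_html/index.php
PID:15960 PPID:14231 Run Time:41(secs) Memory:241004(kb) exe:/usr/bin/php cmd:/usr/bin/php /home/siteone/public_html/index.php
PID:16002 PPID:14231 Run Time:12(secs) Memory:198120(kb) exe:/usr/bin/php cmd:/usr/bin/php /home/sitetwo/public_html/index.php
PID:16010 PPID:14231 Run Time:55(secs) Memory:240100(kb) exe:/usr/bin/php cmd:/usr/bin/php /home/siteone/public_html/index.php
this line is not a process record
"""

LINE_RE = re.compile(
    r"PID:\s*(?P<pid>\d+)\s+PPID:\s*(?P<ppid>\d+)\s+"
    r"Run Time:\s*(?P<secs>\d+)\(secs\)\s+Memory:\s*(?P<kb>\d+)\(kb\)\s+"
    r"exe:(?P<exe>\S+)\s+cmd:(?P<cmd>.*)$"
)
HOME_RE = re.compile(r"/home/([^/\s]+)/")  # account = directory under /home

def parse_line(line):
    """Return one process record as a dict, or None if the line does not match."""
    m = LINE_RE.search(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("pid", "ppid", "secs", "kb"):
        rec[key] = int(rec[key])
    parts = rec["cmd"].split()
    # Assumption: the script is the last token of cmd, as in the quoted line.
    rec["script"] = parts[-1] if parts else ""
    acct = HOME_RE.search(rec["cmd"])
    rec["account"] = acct.group(1) if acct else "unknown"
    return rec

def summarize(text):
    """Group records by (account, script), sorted by total memory, largest first."""
    groups = defaultdict(lambda: {"count": 0, "total_kb": 0, "max_secs": 0})
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip anything that is not a process record
        g = groups[(rec["account"], rec["script"])]
        g["count"] += 1
        g["total_kb"] += rec["kb"]
        g["max_secs"] = max(g["max_secs"], rec["secs"])
    return sorted(groups.items(), key=lambda kv: kv[1]["total_kb"], reverse=True)

if __name__ == "__main__":
    for (account, script), g in summarize(SAMPLE):
        print(f"{account:10} {script} n={g['count']} mem={g['total_kb'] // 1024}MB max_run={g['max_secs']}s")
```

Many simultaneous PHP processes at roughly 240 MB each for one account's `index.php` point at the site whose traffic is exhausting the VPS memory, which is consistent with every site on the server going down together.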