Hi all, my server is compromised as every day I can see malicous PHP scripts created and burried in some websites. I'm able to find these from the access log, looking for POST requests on unusual PHP locations (example : POST /assets/images/actus/start.php HTTP/1.0). So I've created a fail2ban filter to ban IP accessing these URLs but this doesnt stop the root cause of infection.
Can Plesk help me understand how those scripts are created ?
Thank you
Can Plesk help me understand how those scripts are created ?
Thank you