Odd page visits and large hit count
In awastat section where it shows you the most pages visit I am seeing page hits for urls on other servers instead. 99% of these links lead to a prxjdg - created by PRX4EVER with site address http://prx4ever.virtualave.net/ps/ (the link no longer exists).
I have attached a screen shot of the awastats.
What ever this is it has eaten up 200 mb of bw over night which not a big deal currently.
I have ran rkhunter and chrootkit and both give a clean bill of health
the netstat output does not show any weird ports open though it shoulws about 50 china ip addresses conencted to my ip via port 80.
My website (not the hosting one) shows a who is online count of over 100 users lately.
Now the site I mention is running mambo 4.5.2.1 it is also the firs site that was added to our cpanel server so I see hits for the other domains soem times in our logs. IE people going to whois.sc for another domain on the server shows up in my awastats.
The server is fedora core 2 protected with apf firewall.
I dont know if this is a new attack casue I just saw it start up on the 1st of june. I have checked server logs and do not see anything weird the temp dir has the t bit and there is nothing hidden in there.
If any one has any thought on this please give us a shout or post in here.
Oh yeah and tcpdump and ethereal do not show any strange traffic on the nic. though I see many repeat hits from the same ips on port 80 some times a few 100 at a time.
