> I had a similar encounter about 2 months ago. The intruder exploited a > PHP script that was poorly written. If you check your http access logs, > you will most likely find an entry about the PHP that is been exploited. > Once you find the offending PHP script, you can either remove it or > add an exit(0); on top of the script so that it does not accept any > input. If you are a good PHP programmer, you could fix the script so > that it validates whatever input its getting.
if PHP is the entry point, then take a look at - libapache2-mod-suphp - PHP SAFE-Mode - PHP Basedir - set 'allow_url_fopen = Off' in your php.ini they help. Also make sure, that there is no writeable directory for the apache user. -- Florian Reitmeir -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
