Hi,in one of our servers with Sarge we are suffering an attack wich put a perl script and two executables in /tmp with owner www-data. We couldn't find any data in messages , syslog, apache.log which help us. We have a shorewall with very few ports open (ssh , ftp and web) .
Can someone help us in how to looking for the source of the attack ? thanks in advance d.l.