[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: we were attacked

On Fri, 2006-04-07 at 14:49 +0000, danilo lujambio wrote:
> Hi,
> in one of our servers with Sarge we are suffering an attack wich put a 
> perl script and two executables in /tmp with owner www-data.
> We couldn't find any data in messages , syslog, apache.log which help 
> us. We have a shorewall with very few ports open (ssh , ftp and web) .
> Can someone help us in how to looking for the source of the attack ?
> thanks in advance
> d.l.

do you have ANY php apps not installed (and upgraded) by apt?
did you install any web-app manually?

php-bb, wordpress, stuff like that. one tends to forget to upgrade

Tinus Nijmeijers <mlists@deephosting.com>

Reply to: