On Wed, 06 Aug 2003 17:50:06 +0200, Alan James wrote: > > You say that you have apache and php4 installed. Are you running any php > applications that may have been compromised ? Although I'd expect those > to leave the attacker with access to www-data rather than root. Maybe this has been combined with a local root exploit. > > Alan.