Look at installing mod_security, http://modsecurity.orgInstall some rules for it to harden your webserver, see if anything is flagged in the security log.
Ross Tsolakidis wrote:
"Wipe, install, set up chkrootkit and run it often." I've already done that. There was no rootkit."How does phpnuke compromise apache if apache is set up correctly?" I believe it's some of the modules available and running php with 'safe mode off'. I need to find the vulnerable code on this box. And I have no idea where to begin. I've tried running virus scans, nothing is infected. -- Ross