Mike Wang wrote: > Hi > Recently one of my web server was invaded by something called > ping22. it obviously exploited some perl cgi or php holes on this > apache2 server. But I do not how it is get exploited. > > (1) tried to kill -9 it, it is respawn again automatically. > respawn by whom? Try to use pstree to find out. Best regards, --Edwin