On Mon, Aug 21, 2006 at 06:44:00PM +0200, David Siroky wrote: > Attackers deleted all access.log and error.log files > (which I had among the web files) I assume by "among the web files" you mean you'd adjusted permissions on the logging directory so the apache user could write to them: by default, with apache2/debian, the www-data user cannot write to /var/log/apache2, and tampered logs would indicate a root-level exploit. > I know that there is a security issue in mod_rewrite but I > don't use it. Maybe PHP is unsafe. It is a mystery to me. If you are correct and no root-level permissions were obtained, it is quite likely to be a badly written web application, rather than a vulnerability in apache2 or php itself. -- Jon Dowland http://alcopop.org/
Attachment:
signature.asc
Description: Digital signature