Re: How to detect whether your machine is compromised?
Raj Kiran Grandhi writes:
> There is an article on slashdot,
> http://it.slashdot.org/article.pl?sid=07/10/05/1234217&from=rss which
> says that most of the phishing sites are being run from rootkitted linux
Probably not rooted. It is not necessary to root a machine running a Web
server to put up unauthorized pages: you just need write access to the
proper directories. This is usually accomplished via buggy php scripts, so
your first step should be to quit using php.