On Wed, 2006-08-09 at 16:02 +1200, Christopher Sawtell wrote: > I would try to get the compromised server off line as soon as possible, > because you have no idea what else it might do once it realises that you > are 'on to it'.
Yup. It's not my server so I can only make recommendations to the client. Thanks for the great suggestions - I'll pass them on.
