At 4:58 PM -0500 3/21/02, darren chamberlain wrote:
>Another alternative is to replace it with something that appears
>to do the same thing, but actually logs a ton of stuff from the
>requestor.

Unless the entire site has already been backdoored. If that is the case, then this would serve no purpose, as the intruder could just come in via the backdoor.

Any time a security breach takes place, the first action should always be to take the box offline and assess the extent of the breach (multiple machines may be affected), back up the disk(s), and reformat. Finally, restore only the trusted files (and only after reviewing them for backdoors). It's the only way to be sure that you've eliminated the problem.

Rob

--
When I used a Mac, they laughed because I had no command prompt.
When I used Linux, they laughed because I had no GUI.