Nick, Thanks for your reply. THe problem is that I do not see any files changed on the server (and thus cannot check the owner of them). Where should I look for the possible evidence of someone else being there?
On Sun, Apr 4, 2010 at 2:05 AM, Nick Kew <n...@webthing.com> wrote: > > On 3 Apr 2010, at 22:20, Oleg Goryunov wrote: > > > > Yep, someone's been there. Take it off the 'net, if you haven't already! > And get someone competent to look: anyone on a list like this > can only speculate! > > First question, who has non-WWW access, particularly a shell? > If the offending files are owned by a user other than the webserver, > it's not likely to have happened through the server. And if that's > happened, you may want to reinstall the server starting with a clean > operating system install. > > If it did happen through the server, what apps let you upload contents? > The usual suspect in cases like this is some shoddy PHP app. You might > also > want to fire the admin who left contents space writable by the web user! > > -- > Nick Kew > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >