On 29 Nov 2010, at 17:23, Gerald Waugh wrote: > On Mon, 2010-11-29 at 17:17 +0000, Steve Howes wrote: >> On 29 Nov 2010, at 17:08, Gerald Waugh wrote: >>> How can I stop these people from downloading and running their scripts >>> in /tmp using httpd >> >> You need to find out how they did it. You're either hosting someone naughty, >> or someone who has an insecure script. Who owns the files? >> > apache.apache > > The server has a site with Drupal and some other blog stuff
Please reply to the list, not me. Could look in .bash_history for each user to see if anyone has abused their SSH access / guessed root pass. Failing that, you need to find an insecure script on one of those sites. Which wont be easy. S _______________________________________________ Blueonyx mailing list [email protected] http://www.blueonyx.it/mailman/listinfo/blueonyx
