We have had this kind of problem - so you have my sympathy You could try making sure that register globals is off.
Also don't delete the files from temp - chmod them to 000 prevents them being re-uploaded. At our worst I went through our boxes using an ftp program to identify new files to find the uploaded gateways that these guys use - not easy with a cms with 150 customers on it. Regards Jeffrey On Mon, 29 Nov 2010 11:08:22 -0600, Gerald Waugh <[email protected]> wrote: > Have a server been exploited several times > they come in through httpd > install scripts in /tmp > > this one was dc.txt > > # Priv8 ** Priv8 ** Priv8 > # IRAN HACKERS SABOTAGE Connect Back Shell > # code by:LorD > # We Are :LorD-C0d3r-NT-\x90 > # Email:[email protected] > > we also had .sep and send > send sends sms emal, by the thousands @tmomail.net > > How can I stop these people from downloading and running their scripts > in /tmp using httpd _______________________________________________ Blueonyx mailing list [email protected] http://www.blueonyx.it/mailman/listinfo/blueonyx
