Dave,

A very common virus/trojan technique is to create a new serv-u.ini file as a part of the payload - which in the case of an existing Serv-U server overwrites the old serv-u ini file and changes the configuration of the server. A quick search at Symantec security turned up this technique quite a number of times - though nothing terribly recent. My guess is that this is what Charlie experienced.
-Mark

Mark A. Kruger, CFG, MCSE
www.cfwebtools.com
www.necfug.com
http://mkruger.cfwebtools.com

----------------------------------------------------------------------------

As for whether Serv-U allowed your machine to be hacked, are you sure that was where the vulnerability was? Just because someone was using your FTP server after your server was compromised, doesn't mean that it was compromised through the FTP server.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

