Clear Day I was hacked on my server. I am now using SSH and have disabled Telnet. All security patches are installed.
When hacked I was advised to Export all the Sites, use the restore disk and Import all the sites back again. Since then I am having trouble with just one domain on site4. The index.html page was removed mysteriously and all the site permissions had been changed, resulting in server errors for the scripts.

On investigation I find that there was this entry in the FTP log after the restore: /home/sites/site4/web/DWDDXX8.DDD although that file is no longer there. On the root directory was a file called: mon.out. I have kept a copy of this file, which looks like an executable file.

Has anyone come across any of these files? Can someone tell me where to look for any intrusion, as I am not familiar with using Shell commands?

Thanks

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
