You could also try installing snoopy, which logs all commands executed by users to auth.log. Then look for unusual commands executed by user "www-data" if you suspect insecure PHP scripts etc.
Cheers, Richard -- __ _ |_) /| Richard Atterer | GnuPG key: | \/�| http://atterer.net | 0x888354F7 � '` � -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
