Christoph Haas wrote: > On Sun, Jul 24, 2005 at 09:54:28AM +0200, Nejc Novak wrote: > It should be rather easy finding signs of weird accesses like %20 or > chr(). Also look for weird signs in /tmp. > > If your server is important you should consider reinstalling.
I'd urge you to spend the time necessary to see if you can identify how the attacker broke in. Otherwise you will find that after reinstalling, the attack will occur again. As Christoph mentioned, the logs are a good place to start. Geoff Crompton -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
