Can't help with perl, but a couple of thoughts.

> be on my system? I run phpnuke so was thinking maybe they got it in somehow
> that way.

Considering that phpnuke features at least monthly on bugtraq (this is *not* a recommendation!) that's possible.

> Server has been online for 2 years now and this is the first hack
> (well that i know about).

I hope you put security updates on immediately, esp with something like php-nukemyserver. If you didn't for 2 years, be surprised it lasted that long.

> Also the server box runs NAT and does all its own firewalling with
> iptables. Any thoughts on an external firewall?

An external firewall is only of use if the firewall itself is attacked and compromised, it then takes the bullet instead of the server. If however you have vulnerable applications on the server, any firewall is of limited use as the traffic which breaks the server application would be legal traffic on the firewall.

Volker

--
Volker Kuhlmann is possibly list0570 with the domain in header
http://volker.dnsalias.net/ Please do not CC list postings to me.
