Hi Frank, Have you tried using any file integrity checking ? A better one is like md5 checksum.Have you consider using tripwire or the like ?
Session hijack in my opinion unlikely, normally happen on telnet, rpc connections which are in ESTABLISHED state. To me it looks like more of arbitrary code execution in your web server. What system and web server you are running anyway? You didn't describe that. Best Regards LIM GHEE LAM
