Tomsrtbt wiki users: There was a bug in TWiki, which wasn't announced well, and the toms.net apache/twiki user was compromised. Probably they just ran a spam relay for a while or something, there were a couple of processes running. It doesn't look like they were able to escalate privileges beyond just the apache id. It _does_ mean that they could download the .htpasswd file, used for TWiki user ids / passwords, maybe download it and try to crack the passwords. If anyone used a common password for the tomsrtbt twiki and other accounts that are important, it might be wise to change them.
I'll have Apache and TWiki back up sometime in the next couple of days, I'm going to be conservative and reinstall anything that was under that id, even though I don't think they replaced Apache or TWiki stuff it is best to be paranoid when cleaning up something like this. -Tom
