Ok. What evidence do you have that it was a hack? (as opposed to, say, FTP passwords getting out somehow). And, by any chance, do the sites that were hacked share any passwords with accounts on any of the phpBB installations? And, with what were the index files replaced? ----- Original Message ----- From: "Mathew Thomas" <mathew.thomas@xxxxxxxxxxx> To: <users@xxxxxxxxxxxxxxxx> Sent: Sunday, May 08, 2005 7:15 PM Subject: Re: [users@httpd] Hacked the website replace the index.hm page Hi Tim, Thanks for the reply. Yes, couple of virtual hosts are running phpPBB. The website which have been hacked are not using PHP,mysql or ssl. Thanks Mathew >>> tim@xxxxxxxxx 9/05/05 8:56:04 >>> We'll probably need more details. You running phpBB anywhere? ----- Original Message ----- From: "Mathew Thomas" <mathew.thomas@xxxxxxxxxxx> To: <users@xxxxxxxxxxxxxxxx> Sent: Sunday, May 08, 2005 6:49 PM Subject: [users@httpd] Hacked the website replace the index.hm page Hi All, We are running apache_1.3.32 with mod_ssl, mySQL and PHP. OS is Solaris 9. Apache is running with User httpd Group http Most of the Documentroot is owned by httpd.( There are several virtualhost running on this server) its-wu-web:departments# ps -ef | grep http httpd 18168 24970 0 00:00:02 ? 0:04 /usr/local/apache/bin/httpd -DSSL httpd 16498 24970 0 08:39:24 ? 0:00 /usr/local/apache/bin/httpd -DSSL httpd 16492 24970 0 08:39:24 ? 0:00 /usr/local/apache/bin/httpd -DSSL httpd 15664 24970 0 08:28:56 ? 0:00 /usr/local/apache/bin/httpd -DSSL httpd 16488 24970 0 08:39:23 ? 0:00 /usr/local/apache/bin/httpd -DSSL httpd 18182 24970 0 00:00:07 ? 0:04 /usr/local/apache/bin/httpd -DSSL Some how couple of the website was hacked and replaced the index.htm pages. How can I prevent it happen again? Thanks Mathew --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx