Chris Robertson wrote: > Over the weekend we had several servers that all experienced the same > symptoms (details below). I've gone through the CVE, bugtraq, etc > archives and haven't found anything that matches either our versions or > the symptoms. > > - Mod_PHP5 5.2.0-10 (some) > - Mod_PHP5 5.1.4-5 (some) nothing else you mention even raises an eyebrow. These two are likely your culprits if you run untrusted scripts. I'd disable all the posix api functions and dl-functionality based on a recent report. As far as /root/2/ that doesn't correspond to something I know of, but limiting users who run PHP, or even better, running them with cgiwrap or fastcgi in a nobody sandbox is an even better solution. If you aren't running untrusted scripts, I'd start looking for exploitable flaws in your PHP applications. Especially over that /root/2/ assault. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx