On 3 Apr 2010, at 22:20, Oleg Goryunov wrote:

> Hello all,
> It looks like someone hacked my apache2 server and I am trying to understand how this could have happened.
> This is what happened:

Yep, someone's been there. Take it off the 'net, if you haven't already! And get someone competent to look: anyone on a list like this can only speculate!

First question, who has non-WWW access, particularly a shell? If the offending files are owned by a user other than the webserver, it's not likely to have happened through the server. And if that's happened, you may want to reinstall the server starting with a clean operating system install.

If it did happen through the server, what apps let you upload contents? The usual suspect in cases like this is some shoddy PHP app. You might also want to fire the admin who left contents space writable by the web user!

--
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
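
Added example (not part of the original message or the thread): a Python script for the two checks the reply raises, listing everything under a document root that the web server account can modify and reading the owner of a suspicious file. The account name `www-data`, the function names and the command-line usage are assumptions for illustration.

```python
import os
import stat

def web_write_reason(st, web_uid, web_gids):
    """Return why the web server account can modify this inode, or None."""
    if st.st_uid == web_uid:
        return "owned by web user"      # an owner can always chmod itself write access
    if st.st_gid in web_gids:
        # POSIX selects the group class here, so the "other" bits do not apply
        return "group-writable by web group" if st.st_mode & stat.S_IWGRP else None
    return "world-writable" if st.st_mode & stat.S_IWOTH else None

def audit_docroot(docroot, web_uid, web_gids):
    """List (relative path, reason) for each file or directory the web account can modify."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue                # symlink mode bits carry no meaning
            reason = web_write_reason(st, web_uid, web_gids)
            if reason:
                findings.append((os.path.relpath(path, docroot), reason))
    return sorted(findings)

def owner_hint(path, web_uid):
    """Apply the ownership question from the reply to one suspicious file."""
    uid = os.lstat(path).st_uid
    if uid == web_uid:
        return "owned by the web user: look at upload-capable apps"
    return f"owned by uid {uid}: look at shell/non-WWW access for that account"

if __name__ == "__main__":
    import grp
    import pwd
    import sys
    # Assumptions: the web account is "www-data" and the docroot is argv[1].
    user = pwd.getpwnam("www-data")
    gids = {user.pw_gid} | {g.gr_gid for g in grp.getgrall() if "www-data" in g.gr_mem}
    for rel, reason in audit_docroot(sys.argv[1], user.pw_uid, gids):
        print(f"{reason:30} {rel}")
```

Run it against a read-only copy or mount of the affected filesystem, since a compromised host cannot be trusted to report its own state.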