I have some web servers which occasionally have hacks that are uploaded that change their name to look like apache and somehow get apache to send requests to them. The result is that people somewhat randomly get pages advertising self enhancing drugs etc.

The hacks are perl scripts, but they are run from /tmp and then deleted. Trying to get anything out of /proc/pid/fd/whatever just yields an empty file. Anyone have any ideas on how to recover the original script?

Right now I just have a process checking for them and whacking them when I see them, but I'd like to know more about them to actually prevent them from happening.

Any thoughts would be appreciated!

Chris
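
The mismatch described in the message, a script showing an apache-like name, can be checked from /proc: a Perl script that assigns to `$0` changes the command line that `ps` shows, while `/proc/PID/exe` still points at the interpreter. The following is an added example, not part of the original message; the `SERVER_NAMES` list and the function names are assumptions.

```python
import os

# Process names the scripts imitate; this list is an assumption, adjust per distro.
SERVER_NAMES = ("apache", "apache2", "httpd")

def read_link(path):
    """Return a symlink target, or None if the process is gone or unreadable."""
    try:
        return os.readlink(path)
    except OSError:
        return None

def deleted_fds(fd_dir):
    """List open descriptors whose backing file has been unlinked."""
    try:
        names = os.listdir(fd_dir)
    except OSError:
        return []
    targets = (read_link(os.path.join(fd_dir, n)) for n in names)
    return sorted(t for t in targets if t and t.endswith(" (deleted)"))

def scan(proc_root="/proc", server_names=SERVER_NAMES):
    """Find processes whose command line claims to be the web server while
    /proc/PID/exe points at a different binary (for example perl)."""
    findings = []
    for pid in sorted(filter(str.isdigit, os.listdir(proc_root)), key=int):
        base = os.path.join(proc_root, pid)
        exe = read_link(os.path.join(base, "exe"))
        try:
            with open(os.path.join(base, "cmdline"), "rb") as fh:
                words = fh.read().replace(b"\0", b" ").decode(errors="replace").split()
        except OSError:
            continue
        if exe is None or not words:
            continue  # kernel thread, exited process, or no permission
        claimed = os.path.basename(words[0])
        real = os.path.basename(exe.replace(" (deleted)", ""))
        if claimed in server_names and real not in server_names:
            findings.append({"pid": int(pid), "claimed": claimed, "exe": exe,
                             "cwd": read_link(os.path.join(base, "cwd")),
                             "deleted_fds": deleted_fds(os.path.join(base, "fd"))})
    return findings

if __name__ == "__main__":
    for finding in scan():  # run as root to read other users' /proc entries
        print(finding)
```

Sending SIGSTOP to a flagged process instead of killing it keeps its /proc/PID entries available for inspection.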