Hi, >> I have some web servers which occasionally have hacks that are uploaded that >> change their name to look like apache and somehow get apache to send requests >> to them. The result is that people somewhat randomly get pages advertising >> self enhancing drugs etc. The hacks are perl scripts, but they are run from Have you thought about the applications that you have running under apache that may be causing this, such as an outdated wordpress, joomla, phpmyadmin, etc? It's very likely that it's a vulnerable application causing it, and the only real fix is to disable the application or update it so it's no longer vulnerable. Maybe run one of the security scanners that are out there, such as websecurify, nessus, or one of the multitudes of Windows scanners. Try this list: http://www.dmoz.org/Computers/Security/Internet/Products_and_Tools/Security_Scanners/ Most are easy to set up, pretty comprehensive, and may give you a direction to head. Best, Alex -- To unsubscribe from this list: send the line "unsubscribe linux-admin" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
