Hi, One server that hosts several domains ended up with the message "Owned by W4n73d H4ck3r". While still performing an audit I am very confident that this was caused by a php script (it is a linux server) uploaded via FTP or by a defective site hosted (perhaps vulnerable version of a CMS). The symptons seem clear, files owned by apache are vulnerable and the attacker script scanned the web tree and started running. So, basically two questions: - how to detect where this came from - how to prevent it from happening again Thanks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php