Thanks for your reply.
THe problem is that I do not see any files changed on the server (and thus cannot check the owner of them). Where should I look for the possible evidence of someone else being there?

On Sun, Apr 4, 2010 at 2:05 AM, Nick Kew <> wrote:

On 3 Apr 2010, at 22:20, Oleg Goryunov wrote:

Yep, someone's been there.  Take it off the 'net, if you haven't already!
And get someone competent to look: anyone on a list like this
can only speculate!

First question, who has non-WWW access, particularly a shell?
If the offending files are owned by a user other than the webserver,
it's not likely to have happened through the server.  And if that's
happened, you may want to reinstall the server starting with a clean
operating system install.

If it did happen through the server, what apps let you upload contents?
The usual suspect in cases like this is some shoddy PHP app.  You might also
want to fire the admin who left contents space writable by the web user!

Nick Kew
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
  "   from the digest:
For additional commands, e-mail: