Drew Weaver wrote:
> If they got in via SSH and all they did was deface his website
> they must be stand-up guys, huh?

Indeed. I try to be reasonably quick about updates and the occasional short-notice ssh exploit is rather scary.

---

I've found that at least 75-80% of the time there is a compromise the "hacker" doesn't have "local" access to the system, meaning a shell. They simply upload a script to /tmp, run it, and that's their damage. If they are getting in via SSH someone has a bad security policy.

-Drew