[CentOS] Apache Security

Thu Jun 22 16:53:09 UTC 2006
Matthew T. O'Connor <matthew at zeut.net>

Hello, I have a server running CentOS 4.3 with all the latest updates. 
The server in question has been hacked by spammers a few times.  The 
details of the hack have been basically the same every time.  I find 
some directory created by the apache user account in /tmp.  The new 
directory contains an html file, and a list of email addresses to spam 
and a perl script that spams all those email addresses with the html file.

My question is why is this happening?  Obviously it's some apache 
exploit.  I have removed mod_perl, that didn't help.  I have now changed 
the permissions on the perl executable, that might help we will see, but 
that doesn't address the core problem.  How is it that someone can 
upload arbitrary files to my server and then execute an arbitrary 
command via apache.

Is this a know problem?  Have others seen it?  What can I do to help 
prevent this?

Thanks,

Matt