Matthew T. O'Connor wrote: > Hello, I have a server running CentOS 4.3 with all the latest updates. > The server in question has been hacked by spammers a few times. The > details of the hack have been basically the same every time. I find > some directory created by the apache user account in /tmp. The new > directory contains an html file, and a list of email addresses to spam > and a perl script that spams all those email addresses with the html file. sounds like scripts and bad code on the web-doc-root being exploited. consder enabling SELinux. this is the sort of thing that selinux was meant to prevent, and does a very good job of it. -KB -- Karanbir Singh : http://www.karan.org/ : 2522219 at icq