> Hello, I have a server running CentOS 4.3 with all the latest updates. The > server in question has been hacked by spammers a few times. The details > of the hack have been basically the same every time. I find some > directory created by the apache user account in /tmp. The new directory > contains an html file, and a list of email addresses to spam and a perl > script that spams all those email addresses with the html file. > > My question is why is this happening? Obviously it's some apache exploit. > I have removed mod_perl, that didn't help. I have now changed the > permissions on the perl executable, that might help we will see, but that > doesn't address the core problem. How is it that someone can upload > arbitrary files to my server and then execute an arbitrary command via > apache. > > Is this a know problem? Have others seen it? What can I do to help > prevent this? I've also been hacked a couple of times with this sort of exploits. In my case, il was an exploit in awstats, a weblog analyser. If you have it, I strongly suggest you get up to the latest version... Also, if you have php scripts installed, they are a frequent source of security holes.s Nicolas