On Mon, Jan 2, 2012 at 9:33 AM, RILINDO FOSTER <rilindo at me.com> wrote: > The script in question is an exploit from a web board which is apparently designed to pull outside traffic. If you had SELinux, it would put httpd in its own context and by default, it will NOT allow connections from that context to another. You have to enable it with: The only time my server got hacked was because of phpBB. Using cross-site scripting, the hacker managed to put a pl file and when I ran it, it opened a console. Apparently you are running one of the web boards. Pls follow up any security advisories of that product and any addon/module closely. If you are really curious how yours got hack. You can setup similar system and put a bounty (maybe $1000) in one of the underground community for anyone to hack it and tell you how they do it.