Host unlimited blogs, websites for $4.95 only with this web host
Register domain names for less than a dollar here

Hostgator and Bluehost are our best webhosts and godaddy.com is the best domain registrar.

This web hosting thread started by itsensellc on 21 November 2008

I’m having a recurring issue where someone is getting a script into /tmp, taking down the webserver and setting up their stupid IRC bot on port 80. It’s annoying because thus far I have not been able to track them down. As soon as it happens I’m combing through the logs trying to find out what PHP script (probably PHPBB or something like it from one of my customers) is letting them through but there is nothing in the logs. I’ve had this happen before but usually there’s some trace in the logs like some ASCII encoded string. Right now I just have little to nothing to go on and it’s quite annoying. I’ve combed all over the net but found next to nothing. RKHunter doesn’t even know it exists.

Any suggestions on how I can track this down or at least set myself up for when it does happen the next time I can trap where it’s coming from and patch it?

Discuss this at WHT or read more about bluehost and hostgator

This web hosting blog is proudly hosted with reliable Hostgator webhosting for only one cents through this hostgator coupon. If you're new here, you may want to subscribe to this web hosting RSS feed