Server hacked?

[NoOp]

On 01/01/2008 07:37 PM, Hal Burgiss wrote:
> On Wed, Jan 02, 2008 at 12:35:23AM -0000, Joris Dobbelsteen wrote:

>  
>> It also has wonk.tar.gz from 2007-03-18.
> 
> I agree that the most important thing is to find how they got in. Even
> if you do a clean install, tighten up everything, but put the same php
> applications back, you might still be just as vulnerable. 
> 

*That is the key* to cleaning any system. I can't begin to tell you how
many customer systems I've run across in the past (admittedly Windows)
whereby the customer would reformat, clean, etc., etc., and then reload
the same data back onto the drive from a recent backup that had the
infected data on it. I'd try to explain that even if they installed a
new hard drive the problem would come back every time that they
reinstalled the old infected data.