-1

Possible Duplicate:
My server’s been hacked EMERGENCY

i do not understand how but someone is uploading a php file into the public_html directory of my CentOS 6 server like statisticsuQPo.php

this php file gives me "linux10+cfcd208495d565ef66e7dff9f98764da"

and it is sending spam mail's without end.

i have remove the file maybe 10 times but i do got it back every day.

how can i solve this problem? is there anything wrong with my apache configuration?

Community
  • 1
Mustafa Oenal
  • 1
  • 1

1 Answers1

0

Your 'problem' is almost certainly a buggy web-application combined with bad security settings. Since your system was compromised you should almost certainly nuke it from orbit and rebuild it.

  • Take it offline
  • determine the root cause
  • fix the problem
  • actually harden your setup, so even if that app gets compromised again, it can't actually be used to install executable content in a location where it is possible for the code to be executed.

Simply deleting the files that are being created just addressing the symptoms. You are not fixing the problem.

Community
  • 1
Zoredache
  • 130,897
  • 41
  • 276
  • 420