On Wed, 2005-03-02 at 18:12 -0500, Chris Strzelczyk wrote: > Alright well not it's certain I have a friend on my system. I have > found this file named "https" on my > system in /tmp > > I'm not as PERL savy as I want to be but it does open IRC on the > server. The file is owned by apache:apache. So it > looks like my friend is using Apache as a tool. Would anybody have a > clue on how he could get this in tmp and then run it? > The file was not set executable either. <snip> Look in /var/tmp - anything there called aVe or uselib24 or bots.txt? Also, look in your /var/log/httpd area for anything weird in access_log or error_log. Thomas
