Thanks,
I will take a serious look at mod_security. I do install security updates
which is why I believe this to be my error on the configuration side and not
a hole.
Thanks for all you help. -cs On Mar 2, 2005, at 7:03 PM, Alexander Dalloz wrote:
See Dave's and Leonard's replies. Your system is owned! :( And as it
looks it is the worm / trojan known to come in by weak phpBB installs. I
would heavily appreciate if you would us all inform how that could
happen. You always installed security updates quickly? Do you have
something running with Apache which can be misused? When the phpBB worm
info came in through bugtraq I installed mod_security to disallow
specific things. It is a nice add-on for Apache (1.3 and 2.0). I use it
to restrict those ways the phpBB worm comes in as some of my users use
that forum software. http://www.modsecurity.org/ is though more general
and not a phpBB protection tool. Worth to have a look at it.