Full Version: main page defaced
number2
My main page has been defaced three times in the past 4 days.

I have no clue how they're doing it either, and apparently the techs don't either. I have a firewall, mod_security, and the latest PHP (4.2); the kernel version is 2.4.21-32.ELsmp #1 SMP.

I have also done everything and more in the "secure your server" thread.

No trojans, no backdoors, no one has access to my servers except me, and passwords are 50+ chars long.

They are only able to change the index.php (index.htm) files.

So, any ideas? And how exactly do I check through my Apache logs, and what do I look for?

Thanks
xenneo
If you'd like, I can assist you with this. Usually it's just a vulnerable PHP include script. Check your logs; if you have cPanel you can get them. Just because mod_security is on doesn't mean it will stop everything.

In your logs, look for things like "cmd.txt", "cmd.gif", "cmd.*", "xpl", "deface". If you'd like to email the log to me at xenneo@gmail.com, I will be more than happy to find the root of the problem for you.
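The log check described in the post above, as an added example that is not part of the original thread. It flags access-log requests containing the strings xenneo lists and, going beyond the post, any query parameter whose value is itself a URL; the names `scan` and `SAMPLE_LOG` and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Apache common/combined prefix: host ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3})')
# Strings named in the post: "cmd.txt", "cmd.gif", "cmd.*", "xpl", "deface"
KEYWORD_RE = re.compile(r"cmd\.\w+|xpl|deface", re.IGNORECASE)
# Added assumption (not from the thread): a parameter whose value is itself a URL,
# which is how a request to a vulnerable PHP include script typically looks in a log
REMOTE_RE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)

# Constructed sample lines (documentation addresses and example domains only)
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2005:03:14:07 -0500] "GET /index.php?page=http://example.net/cmd.txt? HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2005:03:14:09 -0500] "GET /index.php?page=http%3A%2F%2Fexample.net%2Ftool.gif%3F&x=1 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [01/Jan/2005:03:20:00 -0500] "GET /index.php?page=news HTTP/1.1" 200 4211',
    '203.0.113.5 - - [01/Jan/2005:03:20:01 -0500] "GET /images/logo.gif HTTP/1.1" 200 812',
]

def scan(lines):
    """Return one finding per suspicious request: host, time, status, target, reasons."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line; skip rather than guess
        host, when, target, status = m.groups()
        reasons = []
        # Decode first so percent-encoded keywords are not missed
        if KEYWORD_RE.search(unquote(target)):
            reasons.append("keyword")
        # parse_qsl percent-decodes each value before the URL test
        query = target.partition("?")[2]
        for name, value in parse_qsl(query, keep_blank_values=True):
            if REMOTE_RE.match(value.strip()):
                reasons.append("remote-url-param:" + name)
        if reasons:
            findings.append({"host": host, "time": when, "status": status,
                             "target": target, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        # Status 200 means the server answered the request; it does not prove the include ran
        print(f["time"], f["host"], f["status"], ",".join(f["reasons"]), f["target"])
```

To run it over a real log, pass an open file object to `scan()` in place of `SAMPLE_LOG`.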
number2
I sent you an e-mail.
TheUniverses
Are you running some sort of PHP CMS, blog, forums, or something along those lines?
Steveo
I was getting this, but it only happened in dirs that had 777 permissions.

Now that we have removed these, it's been fine since.
xenneo
Good to hear. I was wondering why he never responded when I told him how to get the logs.