Article 4365 at 06/03/27 05:51:29 From: brucetimberlake (at mark) gmail.com Subject: [coba-e:04365] Re: Monitoring Ports, Processes

Index: [Article Count Order] [Thread]

Date:  Sun, 26 Mar 2006 12:56:47 -0800
From:  "Bruce Timberlake" <brucetimberlake (at mark) gmail.com>
Subject:  [coba-e:04365] Re: Monitoring Ports, Processes
To:  coba-e (at mark) bluequartz.org
Message-Id:  <f76f5d3e0603261256i455e91c2w69ec28062c7f9cae (at mark) mail.gmail.com>
In-Reply-To:  <7.0.0.16.2.20060326095022.055d8928 (at mark) muntada.com>
References:  <200603251503203.SM00400 (at mark) virus>	 <002801c65033$a1094010$2f427dd1 (at mark) chrism>	 <7.0.0.16.2.20060326095022.055d8928 (at mark) muntada.com>
X-Mail-Count: 04365

>  A client has a website that uses PERL and PHP.  The site keeps getting
> compromised.

What do you mean by "compromised" ? Is someone able to get shell
access to the server? Are they defacing the website somehow (replacing
content)? Using the server to send spam?  Does it seem to happen at
certain times of the day?