Help!! Hacker

Hack files with the ownership of nobody keep showing up in /tmp and /usr/tmp
This has been going on or quite a while now.

openbase_dir, PHPSUEXEC and SUEXEC are on. CPanel, RH and Kernel and all other software is up to date.

The apache domlogs has no trace of the wget command.

I've had 4 very well experienced System Administrators look into this and they can't find anything....

Any suggestions would be appreciated.

 

 

 

 

Top