Apache in RH 7.3
Guys... I need help!! Someone is uploading a lot of scripts (bindtty, ptrace, etc.) to the /tmp directory and trying desperately to get root access. He is doing it through Apache, and all the scripts are under apache:apache ownership. He has been trying for almost a month now, and it's time I throw him out forever.
Server is: Red Hat 7.3 ...
Kernel: 2.4.20-30.7.legacy
Apache: apache-1.3.27-6.legacy
Openssl: openssl-0.9.6b-36.7.legacy
Mod_ssl: mod_ssl-2.8.12-7.legacy
PHP: php 4.3.8
All RPMs... downloaded from the Red Hat site!!
I searched for malicious PHP scripts on the server, but couldn't find any. So whoever is doing the upload, he is doing it remotely (at least that's what I think).
Can somebody give me some idea on how-to-kick-this-guy once and forever?