server exploited / hacked ?
In my /tmp directory there's a subdir PSYBNCIt has owner/group rights of APACHE
There's a process running ./psybnc
How can i prevent such things happening and how can i find out who / which domain is affected.
Does anyone have a script to search apachelogfiles for keywords like psybnc .
Notice : OS RH9.0 and Plesk 7.5.2 so apachelogs are in different locations.(directories)
Thanks in advance