php attacks

Typically the attackers are pretty easy to track down. Recently, however, a couple of the servers I look after have been attacked and I am unable to find much of a trace.

Typically I can track these down by searching through logs for filenames, the directories they create, or some command I can find out they run. However, these have been a little more challenging. I do know they are running under nobody (PHP exploit) and that they make it no further. Can anyone share some thoughts as to other exploits/methods I can search for to find the log entries where they are coming in?
