server hacked (?) - how?
One of my client claims his website was hacked and the hacker got the source code of his own very valueable script.
He spoke with the hacker and that said that he used a vulneribility in our server to get the files.
How could that happen? What program could be vulnerable?
We have open_basedir set to the user's dir (hacker said he didn't use a badly-written script), tmp is secured, safe_mode is on, PHP can't exec system commands, rkhunter+chrootkit finds nothing, no root logins except me
System: CentOS 4.0 kernel: 2.6.9-5.0.3.EL
Thanks for your helpful input in advance!
