/tmp tracing files

Although i have /tmp noexec, certain files have appeared with apache ownership, named index, index.1 and rpcd

these according to apache logs have come from:
[urls removed]


is there any way of finding out which site on my server was exploited to get these? I dont allow phpbb and pretty sure there aren't any running. Logs don't show which site was exploited...could grep help ?

 

 

 

 

Top