We do use PHP but we do not use any program to manage the PHP. So nothing should have apache permissions to write and execute. Still searching... Doug -----Original Message----- From: tclug-list-bounces at mn-linux.org [mailto:tclug-list-bounces at mn-linux.org]On Behalf Of linuxguy Sent: Thursday, March 04, 2004 3:58 PM To: TCLUG Mailing List Subject: Re: [TCLUG] Attack >>>It is an email and web server. >>> >>> >>> Does it happen to be running PHPNuke or anything similar to that? PHPNuke and other web content portals can have holes in them that allow users to view your /etc/passwd file or basically any file on your filesystem that your apache user can view. _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota http://www.mn-linux.org tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota http://www.mn-linux.org tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list