The ISC handler mailbox has received multiple reports of web site defacement attempts apparently using the "Defacing Tool 2.0 by r3v3ng4ns" suite of php based scripts intended to deface websites leveraging PHP remote file inclusion
[The box i found this tool was an old rh8.0 box with default php and httpd and allow_url_fopen on !!, solution was to compile all the newest and the greatest stable versions that works for that site
httpd-2.2.4 (latest recomeded)
I work now to upgrade openssh to newest version http://openssh.org/
ssh should only permit access with ssh_key and not with the plain text like is configured now and access should be restrincted to a few users
I will continue after that with aide installation and log monitoring.
then will install mod_security after all http://www.securityfocus.com/infocus/1706]
Blogged with Flock