View Single Post
  #2  
Old 23rd January 2010, 18:05
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,461
Thanks: 813
Thanked 5,240 Times in 4,108 Posts
Default

Install rkhunter:

http://www.rootkit.nl/projects/rootkit_hunter.html

and run:

rkhunter -c

Quote:
I had checked all my crons, but i didn't see any suspicious... maybe is a bug of ISP config, i don't know.
Possible of course but not that likely as there are no known bugs. Check your logs if someone loggs in with ftp or ssh. Do the sites where the pages get modified have anything in common e.g. the same cms installed in the site. Have you updated your phpmyadmin, there was a bug some months ago which was used to infect servers. Also do you had all updates of your linux distro installed?
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote