Hi there, my root server (debian lenny) was hacked and a lot of files were deleted from the /var/www/webXX folders. I have checked access loggs and there were no failed or successful SSH logins at the time the hacking took place, apart from ones from my own IP. I checked the apache logs and found no "exec" calls or anything like that (although I'd be happy to post the logs for inspection here). FTP logs are clean, no FTP logins at the time of the hack. I do have a website for uploading/sharing images (for members of one of my forums) which is based on a free no-name picture upload script, which can also be seen in operation here: http://www.nainoom.co.cc Also one of my forums (vBulletin) has a flash chat by Tufat integrated. Those two seem to be two prime candidates for security problems (in my opinion). So now they are both offline and I don't want to bring either one of them back before I can figure out what happened. Since the hacker/script that entered my server deleted files en-masse I could imagine that they deleted the offending script too. What do you guys think? Forums/Websites were all up to date versions of their respective software.