View Full Version : bots ..etc



stepanhluchan
04-23-2007, 02:31 PM
Hi...not sure if this is the right place to ask, but I don't know where else to post this. I'm having trouble with some of the users' accounts probably being insecure, as I'm finding weird stuff in my /tmp directory every now and then. Today there was a .z1 file..when I opened it, I could clearly see that it was a bot script put there this afternoon... My question(s):

1) How can I trace back how the file got there and through which account?

2) How can I prevent this from happening? The users are using phpBB boards, I warned them so they updated the whole thing and secured it as much as possible..but still these things are happening.

3) What is best to use to scan the system every day for such files...and for example files that are used for phishing (had to deal with that as well) and have them put in quarantine or delete them?

Any tips would be very appreciated.

thanks

stepan

dreamfox
05-02-2007, 01:17 PM
Any luck?
I have the same problem

stepanhluchan
05-02-2007, 02:10 PM
nope...I'm gonna try rack911.com or some other service to solve this....

smtalk
05-02-2007, 02:12 PM
Use ELS for your server security.

dreamfox
05-02-2007, 02:15 PM
What's ELS?

smtalk
05-02-2007, 02:22 PM
http://www.directadmin.com/forum/showthread.php?t=17070

dreamfox
05-02-2007, 02:25 PM
I use FreeBSD

smtalk
05-02-2007, 02:34 PM
Ah.. Then try to read something like eth0.us etc. :) For how to secure the /tmp directory etc.