Well I thought this was the best place to ask for help. Recently my site was suspended by my host for an exploit. They told me the original programmer left my apache password as apache and perl as perl so yep easy access. Im trying to see if any of you guys can help me fix this. My host claims its simple if you know what your doing and well I do not. below is a message from my host. also my phpbb board was fully updated i justy need to fix the perl and apache stuff. please help thanks in advance Suspended due to exploit ============== Message: ============== Hello, I have had to suspend your account, as it has been exploited. It was running perl as your username, and also Apache as your username (this shouldn't happen) In the global /tmp and /dev/shm directories were files called: pwned, r0nin and w.tgz These indicate that the account was exploited. I have removed these files. We need you to update all your scripts to the latest versions, or remove them. Please let us know once you have secured your account and we can reactivate it. When you reply, please give us details of what you did to secure it too. This line from your raw log files seems to indicate that it was caused by an insecure version of phpbb.
It seems to me like you've done what you could updating your phpbb. I remember seeing the exploit. Read the stuff I posted way back in Febtober: http://bbs.clutchfans.net/showthread.php?t=91174 There is a separate PERL account? I never had to do that in ANY site. I don't know about that one. You may not want to include in here that last line from your logs. Is that your site at the very end of the line?
