Hello to everybody,
this forum is greattt...today I find this forum on google because I have big problem on my server!
Somebody every day put some files (vadimI) in my var/tmp dir and start it and I don`t know HOW!
On net I find informations for secure tmp on servers who use whm/cpanel and now I have two tmp folders (var/tmp and tmp) but, that don`t help...
Also, I disable compilers on server...
I can`t find nothing about that in logs (/usr/..../domlogs and var/log)...
Also, I use chkrootkit and I can`t find nothing...
My server is on RH 9/cpanel/apache 1.3.31...
What I can do more?
If you want I can send to you all files who he put in /var/tmp...much files
Please somebody help me
Thanks.
Sorry if my english very bad...