Kevin Brown wrote:
> 
> http://www.backhand.org/mod_backhand/
> 
> Looks like you have a load balancing module running for apache.  Searching the
> web brought up a number of other hits that contained logs that show that
> mod_backhand does call suEXEC for some reason.  If you only have the one
> instance of apache, as opposed to a web farm, you could probably safely turn off
> this module in httpd.conf.

thanks for the suggestions!

Another odd bit...

I wrote a cron script which scimmed the error and access logs every
morning and auto emailed any code red or *.exe attempts which came
within the domain to the appropriate security personel...  I just
discovered that my crontab was blown away sometime ago, and it looks
like 11/26 from the lack of tell-tail signs.  The logs reveiled some
interesting stuff.

Anyone know of some good sites to read up on Linux/HTTPD vulnerabilities
etc?

Thanks again.

  EBo --