user accounts hacked

[bas1968]

I have a problem, in all user accounts on the server with directories having 777 rights there is a php file and a .htaccess file uploaded. This php file looks is a number like 23145.php and owned by apache. All files have the same date and time and it looks a scripts has injected this files. Does somebody know what this is and how to solve?

 

[SeLLeRoNe]

well post the content of one of those file should be usefull to see what change, but, i think is related just to user, can send spam or try to chroot, just the content of that file can show what that file really do, .htaccess file content is usefullt too.

 

[nobaloney]

Once you've removed the hack from the server remember that you should never allow 777 rights on any web-facing directories; those rights are extremely insecure; generallly anyone in the world who knows how can put anything they want into those directories.

Jeff