Having run Apache on a FreeBSD box since January 2002 with no serious hacks, I've recently been hacked by someone who installed Dark Mailer (dm.cgi) . . . what a pain in the "reverse lookup".
I've started this thread as a "place holder" for anyone who might have some experience dealing with this sort of thing.
FYI, here's a Wikipedia link:
http://en.wikipedia.org/wiki/Dark_Mailer
Apparently, the culprit hacked my FreeBSD userid and installed the Dark Mailer system in a cgi-bin directory. I confess . . . I was experimenting with making MySQL available from a website, and mysqld was running without a password for a day or two (my mistake). Also, I found some Apache logs where I had inadvertently used my FreeBSD password rather than the password from .htpasswd for a web page's .htaccess password, and since the server is not running SSL, the password was very obvious. (We're going to step up to the plate and purcha$e the certificate.)
I'm interested in suggestions regarding latest firewall technology, etc. to guard against this sort of hack.
Thanks,
RW
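An added example, not part of the post above: a small POSIX shell audit of the two places the intruder left traces, the cgi-bin directory (a script that is not on your allow-list) and the Apache access log (requests to a CGI script you never installed). It assumes the combined log format, where field 7 is the request path; the directory names, the allow-list and the log lines are constructed here for the demo rather than taken from the post.

```shell
#!/bin/sh
# Added example (not from the original post): flag cgi-bin scripts that are not
# on an allow-list, and summarise which CGI scripts an Apache access log shows
# being hit, so an intruder's dm.cgi stands out. All paths, the allow-list and
# the log lines below are constructed for the demo.

set -u

# Print the basename of every regular file in CGI_DIR that does not appear as
# a whole line in ALLOW (one permitted script name per line).
find_unexpected_cgi() {
    cgi_dir=$1
    allow=$2
    for f in "$cgi_dir"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        if ! grep -qx "$name" "$allow"; then
            printf '%s\n' "$name"
        fi
    done
}

# Print "count path" for every request under /cgi-bin/, most frequent first.
# Assumes the Apache combined log format; field 7 is the request path, and any
# query string is stripped so the same script is counted once.
cgi_hits() {
    awk '$7 ~ /^\/cgi-bin\// { sub(/\?.*/, "", $7); print $7 }' "$1" \
        | sort | uniq -c | sort -rn
}

# Build a throwaway fixture: one legitimate script, one planted dm.cgi, an
# allow-list that knows only the legitimate one, and a constructed access log
# (IPs are documentation ranges, not real hosts). Echoes the fixture directory.
setup_demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/cgi-bin"
    : > "$tmp/cgi-bin/formmail.cgi"
    : > "$tmp/cgi-bin/dm.cgi"
    printf 'formmail.cgi\n' > "$tmp/allow.txt"
    cat > "$tmp/access.log" <<'EOF'
203.0.113.5 - - [10/Mar/2008:02:14:11 -0500] "POST /cgi-bin/dm.cgi HTTP/1.1" 200 512 "-" "Mozilla/4.0"
203.0.113.5 - - [10/Mar/2008:02:14:12 -0500] "POST /cgi-bin/dm.cgi HTTP/1.1" 200 512 "-" "Mozilla/4.0"
198.51.100.7 - - [10/Mar/2008:09:01:44 -0500] "GET /cgi-bin/formmail.cgi?x=1 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2008:09:01:45 -0500] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
EOF
    printf '%s\n' "$tmp"
}

# Run the audit against the fixture when invoked with --demo; on a real host
# point the two functions at your own cgi-bin, allow-list and access log.
if [ "${1:-}" = "--demo" ]; then
    d=$(setup_demo)
    echo "Scripts in cgi-bin not on the allow-list:"
    find_unexpected_cgi "$d/cgi-bin" "$d/allow.txt"
    echo "CGI requests by script:"
    cgi_hits "$d/access.log"
    rm -rf "$d"
fi
```

Run it as `sh audit.sh --demo`; the first list names dm.cgi and the second shows it receiving the POSTs. The allow-list is the useful part: keep it under version control so a diff, not memory, tells you what belongs in cgi-bin. The other two openings the post describes are configuration, not detection: a mysqld with no root password should never be reachable beyond localhost, and Basic auth over plain HTTP sends the password in the clear on every request, so the .htpasswd entry must never be a system password.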