Quoting Ken Gilmour (ken at playersonly.com):
> Ok this is the conclusion I have come to on this problem. I cannot find
> any patches on that and none of my security team seem to know anything
> about it which is quite unusual, it's also unusual for Debian to go that
> long without issuing a patch.

This may be way off the mark, but is it possible the compromise was via
mod_ssl? There has been quite a lot of probing of Apache/mod_ssl sites
lately looking for people who've not kept up with recent fixes.
(People running https subhosts, you might want to disable SSL until
you're sure you're current.)