Hi, I am new to this list and I have a question concerning possible attacks on a webserver I am maintaining at my university. Regular checks of our logfiles turned up some strange requests coming from various IP addresses over the last week. They usually lasted for half an hour leaving the following entries in our logfiles: in /var/log/access_log: xxx.xxx.xxx.xxx - - [01/Jul/2002:19:24:51 +0200] "POST /index.php HTTP/1.1" 200 12781 ... (every 5 secs.) in /var/log/error_log: [Mon Jul 1 19:24:48 2002] [notice] child pid 877 exit signal Segmentation fault (11) ... (roughly 4000 segfaults altogether) The machine is running SuSE 7.3 with the following packages that may be related to these events: nue007:~ # rpm -q --all | grep "apache\|php" apache-devel-1.3.20-66 mod_php4-core-4.0.6-160 mod_php4-4.0.6-160 phpMyAdmin-2.2.0-21 apache-doc-1.3.20-66 apache-1.3.20-66 Perhaps this is nothing to worry about, but I was not sure and had a look on the internet. I assumed a connection with the PHP file upload vulnerabilities and exploits as discussed in <http://www.cert.org/advisories/CA-2002-05.html>, <http://lists.insecure.org/vuln-dev/2002/Mar/0025.html> and <http://lists2.suse.com/archive/suse-security/2002-Jun/0414.html> but thought that these were already patched using the above packages as described in <http://www.suse.de/de/support/security/2002_007_mod_php4_txt.html>. Does anybody know if there are other explanations for these segfaults? Am I still vulnerable even after doing regular security updates of all packages? How can I find out if my machine has been hacked? Perhaps this information is available somewhere on the Internet, but I didn´t find anything and am hoping that someone on this list can give me a hint. Thanks in advance, Bastian