My web server has been attacked by c99 shell script, the problem is that I can see database password in the access log's GET . and also the script could create symbolic links to other websites on the same server.
How can I figure out how this happend?
How do I stop c99 from being executed ?
Is OSSEC useful for these cases?
if not is there any tool can help in protect web server from this kind of attacks?