Follow up: the ssh port is open on my host, but ssh is disabled: "Shell access is not enabled on your account!" I'll drop it so I don't cause my isp undo heartburn.

I used Mac's Network Utility to portscan my host, but only found a minimal set of the usual suspects. Nothing that looks dangerous.

Again, thanks for the advice.

It's a Linux host, and yes, they do advertise telnet/ssh access, but they've ignored two requests to grant access. I haven't pressed the issue. Sorry, I don't recall the error received the last time I tried to ssh in. (I'm at work and don't wanna try it from here.)

Right now, I'm inclined to trust that the admins are on top of things, though I might try a port scan. (Thanks, Marco!)

XOOPS... I'm lovin' it! And the spirit of the XOOPS community is great, too. Thanks for your help!

Quote:

I've been with RoundBerry for almost a year, and they're tech support has, overall, been very good. I just get the feeling they're taking a CYA position.

Since I don't have telnet access to my account, I'll see what I can dig up in the logs. I appreciate your input. Thanks!

Okay, this creeped me out. I need to talk to somebody.

I have 7 XOOPS sites (2.0.13.1 - 2.2.4) hosted on a RoundBerry resellers account. Late yesterday afternoon, loading any page on any of these sites also started a download of the xpl.wmf trojan. Other than trying to infect my pc, the sites behaved themselves. Phplist (outside of XOOPS) did the same thing.

I contacted the admins and they said it was caused by a "dynamic module loading without apache". They removed this 'module' and all is well. Except for my wits. I'm not an apache wizard, but the admin's explanation is not comforting. I asked again and got the same answer.

Anyone know if there's a mod_spyware for apache?