Creating symbolic links from a compromised account is a typical tactic that hackers use to gain access to files not owned by the account that they have hacked. To help prevent this you can apply a patch that was developed by Steven Ciaburri over at

To install the patch run the following commands from ssh.

wget -O /scripts/before_apache_make
chmod 700 /scripts/before_apache_make

Then recompile apache using easyapache


You can also check a server for symbolic links that have already been created by running

find /home*/*/public_html -type l

If you want to remove the patch just do the following

rm -f /scripts/before_apache_make
#Rebuild apache after.

If you need additional help please check out

Leave a Reply

Your email address will not be published. Required fields are marked *

To submit solve the problem below * Time limit is exhausted. Please reload the CAPTCHA.