He said he couldnt see it. And i should contact him faster next time it happened, so he might be able to find out more (sounds weird…). But he mainly talked about oxid and what other(modules) things that might be attached to that.
also said, that getimage.php had some heavy activity lately… beside that, he couldnt see much he said.
You can have a look at apache access-logs to see if there are some weird urls present.
[QUOTE=gnomic;129102]He said he couldnt see it. And i should contact him faster next time it happened, so he might be able to find out more (sounds weird…).[/QUOTE]
Believe it or not - he’s right. An access log produces massive data and it is really hard to find something specific if you don’t know what you’re exactly looking for. On the other hand, as you wrote, the .htaccess was obviously altered. There must be an exact date/time for it, right?
[QUOTE=gnomic;129102]But he mainly talked about oxid and what other(modules) things that might be attached to that.[/QUOTE]
Yes, that’s exactly what I’d say to avoid work 
Basically, this is so unspecific that I cannot work with it. Of course we deal with security issues but at least must have some basic information about it. If you’re interested in that, please have a look at these guidelines:
[QUOTE=gnomic;129102]also said, that getimage.php had some heavy activity lately… beside that, he couldnt see much he said.[/QUOTE]
Very vague again 
Regards