Other things you can do:

* install chkrootkit
* check whether any ssh authorized key has been installed (/root/.ssh/)
* look at the /etc/passwd file to be sure no new user has been created
* look at sudo (visudo) to be sure that no insecure rule has been added
* change your root password
* change your sshd port

It should give you some time to back up and analyse what happened in detail...
--
Serge Dewailly - System Administrator

On 29/12/11 15:04, Taz wrote:
Hello, we've got various debian servers, about 15, with different versions. All of them have been attacked today and granted root access. Can anybody help? We can give ssh access to an attacked machine, it seems to be a serious ssh vulnerability. How can I contact openssh mnt? Thank you.
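
The three file checks listed in the reply above (authorized keys, /etc/passwd, sudoers), written as read-only shell functions. This is an added example, not part of the original thread; the function names are hypothetical and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example: read-only triage of the files named in the reply.
# Function names are hypothetical. Each takes the file path as an argument,
# so it can be run on the live host or on copies taken from a disk image.

# Accounts other than root that have UID 0 (a second superuser).
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Accounts whose shell allows interactive login.
login_accounts() {
    awk -F: '$7 != "" && $7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# Number of active (non-comment, non-blank) entries in an authorized_keys file.
authorized_key_count() {
    [ -f "$1" ] || { echo 0; return; }
    grep -cEv '^[[:space:]]*(#|$)' "$1" || true
}

# Active sudoers rules granting passwordless sudo. Pass /etc/sudoers and
# every file under /etc/sudoers.d, since rules can be added in either place.
nopasswd_rules() {
    grep -hEv '^[[:space:]]*(#|$)' "$@" | grep -F 'NOPASSWD' || true
}

# Constructed sample files (not taken from the incident in this thread).
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin' \
        'support:x:0:0::/home/support:/bin/bash' \
        'alice:x:1000:1000::/home/alice:/bin/bash' > "$d/passwd"
    printf '%s\n' '# admin workstation' \
        'ssh-ed25519 CONSTRUCTEDKEYONE admin@example' '' \
        'ssh-rsa CONSTRUCTEDKEYTWO unknown@host' > "$d/authorized_keys"
    printf '%s\n' 'Defaults env_reset' 'root ALL=(ALL:ALL) ALL' \
        '# %admin ALL=(ALL) NOPASSWD: ALL' \
        'support ALL=(ALL) NOPASSWD: ALL' > "$d/sudoers"
    echo "$d"
}

s=$(make_sample)
echo "extra UID 0 accounts: $(uid0_accounts "$s/passwd")"
echo "login-capable accounts: $(login_accounts "$s/passwd" | tr '\n' ' ')"
echo "authorized keys: $(authorized_key_count "$s/authorized_keys")"
echo "NOPASSWD rules: $(nopasswd_rules "$s/sudoers")"
rm -rf "$s"
```

On a real host, compare the output against a known-good baseline or backup, because a compromised system's own tools and files may have been altered.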