James Brown: > > I have a VDS under Debian Lenny, > ~# uname -a > Linux 2.6.18-028stab070.4-ent #1 SMP Tue Aug 17 19:03:05 MSD 2010 i686 > GNU/Linux Is the rest of the software as ancient as the kernel? Lenny uses 2.6.26. You should probably ask for a more recent kernel. > Is it a rootkit or other error? I would suspect it's a rootkit. Does the system have any open ports you don't expect? > What I need to do - remove infected > files, reinstall the above > packeges or give an order to my vds-provider for reinstalling my server > at all?! Reinstall. There's no other way to make sure you really got rif of the rootkit. And then make sure to close the hole that allowed the attacker to hijack your system. It's probably either a well-known, but unpatched piece of software or a homegrown, easily exploitable application (custom CMS or something like that). J. -- I often blame my shortcomings on my upbringing. [Agree] [Disagree] <http://www.slowlydownward.com/NODATA/data_enter2.html>
Attachment:
signature.asc
Description: Digital signature