On Fri, Dec 03, 2010 at 02:52:51PM +0000, Karanbir Singh wrote: > On 12/03/2010 06:26 AM, abhishek jain wrote: > >can anyone here suggest me what should i do, > >i am not sure how user1 logged into server, further what does the command > >"perl udp.pl 92.114.6.32 0 22" mean which eats up 99.7% of CPU . > > > > You have already had a lot of good advice here, I'll add a few more things : > > - backup you data, and only your data
Oh and one more thing. If your VPS hosts applications which store passwords of users, and if you suspect that the cracker got a shell (in this case, it looks certain) make sure that you let your users know that their passwords may have been compromised. Some applications (I think even mailman was some years back) don't use one way hashes for storing passwords (ostensibly to helpfully send these passwords back to the user when they forget their password). If a person got shell on the account, then he could have easily taken a look around and picked up all the passwords he could find. Some of these are worth quite a few $$$ in the "market". Difficult decision, yes. Many clients might not take it as an example of genuine concern for their own sake (which it is) and scram to a competitor with less scruples. - Sandip _______________________________________________ Ilugd mailing list Ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd