> > To begin, I'm running OpenBSD trim.chrispyfur.net 3.6 GENERIC.MP#173
> > i386.
> >
> > I have some suspect files in /tmp, and I'm fairly sure that they
> > shouldn't be there. Only thing I can't twig is what method the
> > attackers used to get the files into that directory. The files are:
>
> Is this doing any A/V scanning? You have told us nothing about the host in
> question: is it an email gateway? DNS server? etc.

I'd suspect it has something more to do with an easy-to-guess password.

--Bryan

