Quoting Minh Van Le <[EMAIL PROTECTED]>:
> [root@f1 16:35:16 init.d]# ps auxw | grep syslog
> USER       PID %CPU %MEM   VSZ  RSS TTY      STAT START   TIME COMMAND
> root       948  0.0  0.2  1476  324 ?        S    Nov26   0:14 syslogd -m 0
> root      1617 22.0  0.3  3072  468 ?        S    Nov26 1311:00 syslogd
> root     31337  0.0  0.4  1732  600 pts/1    S    16:35   0:00 grep -i syslog
>
> Doesn't look too good. Two syslogd processes running since the last
> reboot.
>
> I'm taking the box down.
>
And I'd say the one with PID 1617 (getting vast amounts of CPU TIME) is the bad one, a.k.a. the bot which is joining the IRC server you identified.

I'd rebuild it, and be sure to secure the new box a little better than the one that you had hacked.

Good luck.

--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
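The check made by eye in this thread (a daemon that should run once showing up twice, with one instance holding far more CPU time) can be scripted. The following Python sketch is an added example, not part of the original messages; it runs over the ps output quoted above, and the SINGLETONS list and function names are assumptions for illustration.

```python
from collections import defaultdict

# ps output quoted in the message above, mail-wrapped lines rejoined.
PS_OUTPUT = """\
USER       PID %CPU %MEM   VSZ  RSS TTY      STAT START   TIME COMMAND
root       948  0.0  0.2  1476  324 ?        S    Nov26   0:14 syslogd -m 0
root      1617 22.0  0.3  3072  468 ?        S    Nov26 1311:00 syslogd
root     31337  0.0  0.4  1732  600 pts/1    S    16:35   0:00 grep -i syslog
"""
# Assumption: daemons expected to run as exactly one instance on this host.
SINGLETONS = {"syslogd", "klogd", "crond"}

def cpu_seconds(field):
    """Convert a ps TIME field ([[dd-]hh:]mm:ss) to seconds."""
    days, _, rest = field.rpartition("-")
    secs = 0
    for part in rest.split(":"):
        secs = secs * 60 + int(part)
    return secs + (int(days) * 86400 if days else 0)

def parse_ps(text):
    """Parse `ps auxw` output into dicts; COMMAND keeps its arguments."""
    procs = []
    for line in text.splitlines()[1:]:
        f = line.split(None, 10)
        if len(f) < 11:
            continue  # skip blank or truncated lines
        procs.append({"pid": int(f[1]), "cpu": float(f[2]),
                      "secs": cpu_seconds(f[9]), "cmd": f[10],
                      "name": f[10].split()[0].rsplit("/", 1)[-1]})
    return procs

def duplicate_daemons(procs, singletons=SINGLETONS):
    """Map each singleton daemon seen more than once to its instances,
    busiest (most accumulated CPU time) first."""
    groups = defaultdict(list)
    for p in procs:
        if p["name"] in singletons:
            groups[p["name"]].append(p)
    return {name: sorted(ps, key=lambda p: p["secs"], reverse=True)
            for name, ps in groups.items() if len(ps) > 1}

if __name__ == "__main__":
    for name, ps in duplicate_daemons(parse_ps(PS_OUTPUT)).items():
        for p in ps:
            print(f"{name}: pid={p['pid']} cpu={p['cpu']}% "
                  f"time={p['secs']}s cmd={p['cmd']!r}")
```

The grep process is ignored because only the first word of COMMAND is matched against the singleton list, so its `syslog` argument does not count as a third instance.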
