On Friday 03 Dec 2010, abhishek jain wrote: > hi friends, > I today noticed my VPS was running too slow, then i logged into root > , and found a lot of load on it (> 240 ). > I did a ps -ef and a lot of process were running, a lot of them were > > > user1 23771 1 0 15:36 pts/0 00:00:02 ./atack 800 > > Also in WHM i see a process > > user1 99.7 perl udp.pl 92.114.6.32 0 22 > > can anyone here suggest me what should i do, > i am not sure how user1 logged into server, further what does the > command "perl udp.pl 92.114.6.32 0 22" mean which eats up 99.7% of > CPU .
Apart from all the advice others have given you (use updated packages, switch off unwanted services, etc), do a fresh reinstall of Linux on this VM. Once a (virtual) machine has been compromised, it's nearly impossible to be 100% sure that you have cleaned it up unless you're a real Linux/Unix dada with hundreds of years of experience. Rootkits can leave their components lying around anywhere in your system, and you can never be sure that you have managed to purge the whole worm. Reinstall, reinstall, reinstall. Regards, -- Raj -- Raj Mathur r...@kandalaya.org http://kandalaya.org/ GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F PsyTrance & Chill: http://schizoid.in/ || It is the mind that moves _______________________________________________ Ilugd mailing list Ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd