Hi there, On Thu, 21 Mar 2002, John Michael wrote:
> Any idea as to how it got on my server. Nope. There are a thousand ways it could have been done if your server is not carefully secured. Do waht Perrin said - take it offline, it can't be trusted - and read the CERT stuff that you've been pointed to by another useful reply. The server probably has a dozen back-doors in it now so it would be irresponsible to leave it on line. Unless you *really* know what you are doing from a security point of view (and without meaning to be offensive it sounds vey much like you don't) you should wipe the discs and reinstall the OS and server(s) from scratch. Then do some serious reading about securing your server. Don't run any daemons you don't have to run, especially ftp and sendmail, if you aren't sure of them. 73, Ged.