On 01 Oct 2009, at 09:21, Kimball Larsen wrote: > Thanks for the info - > > now what do I need to do about it? As far as I can tell, the script > was not able to run correctly - it spewed lots of errors to my system > logs, and I've got hosts.deny set up so that the only ssh connections > allowed are from IPs I control. > > Do I need to worry about rebuilding the box? >
Do you have any web accessible sites running on that machine? The most common culprit for hacks of this kind are web scripts with holes. /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */