Think i've been hacked :(

something is up.

I have all ports close apart from the ones that i use.

BUT, there is a file called Thumbs.db placed all over the server

its in so many directories.

also, users home directories are in /proc/1562/root

is that normal?

like /home/matt2kjones

is also:

/proc/1562/root/home/matt2kjones

the Thumbs.db file isn't just in home dirs either

what should i do Think i've been hacked :(

apache, proftpd, exim, kernel, php, mysql, etc are all the latest versions.

the server is redhat 8

 

 

 

 

Top