Help Needed - URGENT

Here's the story. About a few weeks ago, I posted a message on the "Other Requests and Offers Forum" asking for a server admin. I got a guy that seemed pretty cool and helped out with some issues I was having at the time. Up until about a week ago, it seemed he was always anxious to know if I was having any problems, and then just about all contact was broken.

I did a check a few moments ago on sites that were linking to HostCreations.com. I ended up finding this:

http://lofs.unleashed.ws/index.php?id=content/downloads

If you look closely, you can see my site listed as a mirror. Now, I definetly did not authorize this and had no idea I was mirroring this file. I deleted the file and started checking for malicious activity. Logged in to SSH and found the following message:

Last login: Tue Jan 27 16:49:14 2004 from levy.unet.edu.ve

I did some research on that, and found it was coming from somewhere in Venezuela. Well it just happens that this is where my server admin is from. And it also appears he has not infact left the face of the Earth, since the login time has only been a few hours earlier.

What I need is advice, or possiblely some sort of walkthrough for what I should do. Changing the root password really doesn't sound too good, as I'm afraid he may have changed settings on the server that would allow him to exploit it even after the root password is changed.


Please advise!!! Help Needed - URGENT

 

 

 

 

Top