Hacked again!!! Help !!!
Few days back on my RHE 3.0 server , IRC bouncer attack took place with xdcc.dot.. etc someone uploaded ls/ directory in /var/tmp ...
Unfortunately they cane back again:
see this:
oot@hosting [/]# find / -name "iroffer*"
/var/spool/vbox/iroffer.tar
/var/spool/vbox/iroffer
/var/spool/vbox/iroffer_chroot
/var/spool/vbox/iroffer.cron
/var/spool/vbox/obj/iroffer_admin.o
/var/spool/vbox/obj/iroffer_dccchat.o
/var/spool/vbox/obj/iroffer_display.o
/var/spool/vbox/obj/iroffer_main.o
/var/spool/vbox/obj/iroffer_misc.o
/var/spool/vbox/obj/iroffer_transfer.o
/var/spool/vbox/obj/iroffer_upload.o
/var/spool/vbox/obj/iroffer_utilities.o
/var/spool/vbox/src/iroffer_admin.c
/var/spool/vbox/src/iroffer_config.h
/var/spool/vbox/src/iroffer_dccchat.c
/var/spool/vbox/src/iroffer_defines.h
/var/spool/vbox/src/iroffer_display.c
/var/spool/vbox/src/iroffer_globals.h
/var/spool/vbox/src/iroffer_headers.h
/var/spool/vbox/src/iroffer_main.c
/var/spool/vbox/src/iroffer_misc.c
/var/spool/vbox/src/iroffer_transfer.c
/var/spool/vbox/src/iroffer_upload.c
/var/spool/vbox/src/iroffer_utilities.
I have already blocked port 6666 on server..
But still someone is playng with this..
Any suggestion?
