Server load unusually high, compromised for sure

Hello,

I am running a box with Redhat Enterprise 3 on it, and I am having many problems as of Christmas day. I found 10gb + of ripped Anime in my /tmp folder, which I removed. I ran the rootkit checker in cPanel and it "detected" a bunch of them. I just am having trouble removing all of this and can't afford to use rack911.com as of right now. I use the server for mostly personal stuff, but it's got me right now. I guess it's exploited and someone is sending out those bogus e-mails about banks in Africa and whatnot, and running "iroffer", which I found is an IRC File server, or something of the sort. I found that and deleted it. I attatched a report.txt of my top. If anyone can help me please let me know here or PM me.

I do not see any problems in the report as of right now, but I do not for a fact that my mail server is being abused. I also know that the server has been exploited, but can people hide processes that use a lot of CPU from me seeing it?

EDIT:

I just did a ps -aux |grep nobody and I attatched the results. Looks like a got a bunch of bots running as nobody.

Thanks,



KoSoVaR

 

 

 

 

Top