I've been hacked... darn... NEED HELP!?

-(Jan2k5) had to reimage my drive and start from scratch in January cuz of a h/d failure...

- I recently found weird directories under /home

- experienced weird spikes in traffic

- Today I found the following programs over the last few days and others with high cpu usage under my CPU/MYSQL usage history
./ssh3 150
./john paid
./john --restore
./john molsci

- Finally I got a call today from someone saying that my server is doing random SSH login attempts on their server and that they can see an IRC service running....

so my immediate reply was... WTF>>>> I have been hacked .... and someone on my server has root...

SO I am here calling for help...

- who can recommend someone... and what are your experiences with them?
- how can I at least disable the root access that this person has obtained... ?
- what are the payment methods?
- Do you think the server has to be formatted or would someone have to diagnose it first?

SPECS: LINUX/CPANEL, Dual XEON 2GB RAM, CPANEL appears to be up to date... but I know that other measures need to be taken...

I'll go and read some of your experiences but I wanted to ask for help here first...

The server is for friends and I host their sites but I have at least one client/site that I can't afford to screw up... plus I was hoping to take this hosting thing seriously once I learn the ins and outs...

Thanks in advance...