SPAM from my server

Hello everyone,

This is the message that we recd. from our datacenter.

we detected an abnormal amount of outbound UDP traffic (approximately 185 Mbps). The traffic is originating from your server

[XX.XX.XXX.XXX] directed to [XXX.XXX.XXX.XXX]. A brief investigation indicates that your server may be compromised. We found some

malicious processes running and have killed them.


Malicious Processes
26960 nobody 25 0 2460 1112 632 R 24.0 0.1 4236m 3 perl
11412 nobody 25 0 2816 1672 856 R 6.3 0.1 0:54 2 perl


We ran chkroot but found nothing...how to we ensure that this does not ocur again.

Please suggest what to do.
if we block mail() we will not be able to send emails from our websites.

Sincerely,
Jaunty

 

 

 

 

Top