Forum OpenACS Q&A: Response to Security: Hacker sends Viruses

Posted by Ola Hansson on
I'm sorry to hear about your situation...

Disconnecting your network connection as soon as possible is what I would suggest if it hasn't already been done, but first issue a "netstat -a|less" and look for suspicious established connections.

You might also want to review the log files in /var/log.

Check /root/.bash_history as well...

If the abuser has gained root access, really all you can do is blow out the entire RedHat installation and do a fresh install/restore. This time preferably behind some kind of firewall.

Good luck!
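
An added example, not part of the original post: one way to narrow the netstat output down to the sockets worth a closer look before disconnecting. It assumes the numeric form `netstat -ant` on Linux; the `EXPECTED_PORTS` list, the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Triage filter for `netstat -ant` output (numeric form of "netstat -a").
# EXPECTED_PORTS is an assumption: list the services this host should run.
EXPECTED_PORTS="${EXPECTED_PORTS:-22 80 443}"

# Reads netstat output on stdin and prints one line per TCP socket whose
# local port is not an expected service port.
flag_connections() {
    awk -v expected="$EXPECTED_PORTS" '
    BEGIN {
        n = split(expected, p, " ")
        for (i = 1; i <= n; i++) ok[p[i]] = 1
    }
    # Only TCP rows; header lines and unix sockets are skipped.
    $1 ~ /^tcp/ {
        lport = $4
        sub(/.*:/, "", lport)        # keep the port after the last colon
        state = $6
        if (state == "LISTEN" && !(lport in ok))
            print "UNEXPECTED-LISTENER " $4
        else if (state == "ESTABLISHED" && !(lport in ok))
            print "UNEXPECTED-SESSION " $4 " -> " $5
    }'
}

# Constructed sample output (documentation address ranges, made-up ports).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:31337           0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.5:40022       ESTABLISHED
tcp        0      0 192.0.2.10:45678        203.0.113.99:6667       ESTABLISHED
EOF
}

# Demo on the sample; on a live host use: netstat -ant | flag_connections
sample_netstat | flag_connections
```

Sessions on expected ports (the ssh login from an unfamiliar address in the sample, for instance) are not flagged by this filter and still need to be read by eye, and on a host where root was obtained the netstat binary itself may no longer be trustworthy.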