Quote:
Originally Posted by rootsupport
First change the root password, and get your security administrator to check the complete server and remove all vulnerable scripts, delete unwanted users if they have been created etc...
|
I would go with:
- make sure their not still in the box to start with
- stop all processes you have no idea what they are
(esp. if they are some type of cron job running that you did not auth.)
- change passwords
(if its a hosting box, start changing all clients pwds too)
- continue to work to fix the expolitation point and fix
- send someone out for coffee and/or Mt. Dew........it could very well be an all nighter you pull if you are doing this alone.