Quote:
Originally Posted by CYF
there is malware for PCs that will use your stored FTP passwords and upload crap to your servers. Might want to check into that as well.
|
I think this was the case. I reformatted my main machine about two weeks ago because "something funny" was going on. That was the only machine that I was using to upload to the sites that were hacked.
So the root SSH was not comprimised, nor were any accounts for friends that I am hosting. Suggesting, the problem was that machine was freely sending out passwords.
All accounts changed, new machine has new virus software on it, server "appears" stable as of 10am...
The good thing is that it appears my home machine was hacked, not the server itself. Also, I don't have any ability to FTP to any sites that are important. Only ssh on non-standard ports.
I will disable remote-root password ability once this blows over. Must login to another account, then su if I want to get to root - I forget what that feature is called.