First of all, your system HAS been compromised and the system utilities probably have been patched, that is, modified so that the hacker can get back in or whatever.
When the OS has been molested like that, the only thing you can do is backup everything, format and start over. Even if you lock the intruder out, you cannot trust the integrity of the OS anymore.
Second, you need to get a sysadmin. Go over to WebHostingTalk.com and post for a sysadmin. You'll get plenty of knowledgeable responses from people who will work for next to nothing via PayPal.
Do you use cPanel, by any chance? I had this happen to a cPanel server about a year ago, it was the biggest fucking headache ever. I eventually laid the blame on a hole in phpBB and/or cPanel.
|