Looks like someone may have guessed the password to this account. Use "netstat -plan" to find out what PID 15763 is connected to.
The foreign address is coming from a whole bunch of different places.
hotmail 6445 0.0 0.1 4428 856 pts/3 S Feb04 0:00 | _ /bin/sh ./s 63.200.0.0/16
hotmail 6446 0.1 0.0 308976 484 pts/3 Sl Feb04 1:25 | | _ ./f -h 63.200.0.0 16 -u users -p pass -t 3 -c 30 -o log -d -k -C
Also find out what these 2 executables are about. If they're binary then run strings on them.
How do I tell where these executables are? And when I find them, how do I run strings on them?
And most importantly, run "usermod -s /sbin/nologin hotmail".
I ran this.
Really appreciate your help.
James
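
The triage steps discussed in this thread (finding where the binaries behind the running processes live and running strings on them), as an added example that is not part of the original messages. It assumes a Linux host with /proc mounted and the strings utility from binutils installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: locate the on-disk binary behind a suspicious PID and
# pull printable strings from it. Function names are hypothetical.

# Print the absolute path of the executable a PID is running.
# A " (deleted)" suffix means the file was unlinked after launch.
proc_exe() {
    readlink "/proc/$1/exe"
}

# Print the working directory of a PID; relative names such as ./s and ./f
# in the ps output resolve against this directory.
proc_cwd() {
    readlink "/proc/$1/cwd"
}

# Print the full command line, converting NUL separators to spaces.
proc_cmdline() {
    tr '\0' ' ' < "/proc/$1/cmdline"
}

# Dump printable strings from the running image. Reading /proc/PID/exe
# works even when the file has been deleted from disk.
proc_strings() {
    strings -a -n 6 "/proc/$1/exe"
}

# Collect path, working directory, command line, hash and strings for one PID.
triage_pid() {
    pid=$1
    [ -d "/proc/$pid" ] || { echo "PID $pid not running" >&2; return 1; }
    echo "exe:     $(proc_exe "$pid")"
    echo "cwd:     $(proc_cwd "$pid")"
    echo "cmdline: $(proc_cmdline "$pid")"
    echo "sha256:  $(sha256sum "/proc/$pid/exe" | cut -d' ' -f1)"
    proc_strings "$pid" | head -n 40
}

# Usage (as root, to read another user's processes): triage_pid 6446
```

Record the hash and copy the binaries somewhere safe before killing the processes, since /proc/PID/exe disappears once the process exits.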