----- Original Message ---- > From: John R. Dennison <jrd at gerdesas.com> > > I stand by my previous advice - the box is compromised, can not > be trusted, and as a responsible admin he should be working on > re-installing it, evaluating what web-apps he had running that > led to this in the first place and taking the appropriate steps > to ensure it does not happen again. > > what steps should i take. i was running centos 5.2 fully updated. the web apps or daemons i have running are from the repos. i have other mandriva boxes and they all are ok. i m just so surprised that a centos box got compromised.