On Sat, Jun 27, 2009 at 12:21 PM, Mag Gam<magawake at gmail.com> wrote:
> I am not sure what else measures I can take. Can someone please assist?

You should install an Intrusion Detection System (IDS) as they are great tools to assist you in how the crackers are gaining access into your system.

> We see load averages of 500+ and see people from all over the world
> logging into our server (used last).

If I understood you correctly, you're saying that running the "last" command shows logins worldwide that are not yours? Immediately suspend / disable / lock down the accounts they're logging into if they're not important (say a user that's only used for a daemon).

If I were you I would immediately set up keys for your ssh, disabling root ssh login (you can gain root via "su -" or "sudo" once you login), and only enable protocol 2 for ssh. Install an iptables frontend like APF to help you ban malicious IP addresses.

Are you running the latest version of CentOS? Make sure they don't have a critical exploit like a kernel privilege escalation exploit.

--
Best Regards,
Justin Bull
http://www.sohipitmhz.com/pubkey.txt (PGP Public Key)
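
The ssh settings recommended in the reply above (keys, no root login, protocol 2 only) can be checked against an sshd_config file. The script below is an added example, not part of the original message: the sample configs are constructed, and mapping "set up keys" to `PasswordAuthentication no` and treating an unset keyword as a finding are this example's assumptions. The `Protocol` keyword only matters on OpenSSH servers that still support SSH protocol 1.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the three settings advised above.
# sshd uses the first value it sees for a keyword, and keywords are
# case-insensitive, so the check does the same. A missing keyword is
# reported as a finding (this script's conservative assumption).

# Print the effective global value of keyword $2 in file $1 (empty if unset).
sshd_value() {
    awk -v key="$2" '
        { sub(/#.*/, "") }                      # drop comments
        tolower($1) == "match" { exit }         # only the global section
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Echo one line per finding; return the number of findings.
audit_sshd_config() {
    local file="$1" findings=0 want got key
    for want in "PermitRootLogin=no" "PasswordAuthentication=no" "Protocol=2"; do
        key=${want%%=*}
        got=$(sshd_value "$file" "$key")
        if [ "$got" != "${want#*=}" ]; then
            echo "FAIL $key is '${got:-unset}', expected '${want#*=}'"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample configs (not taken from any real host).
weak=$(mktemp); hardened=$(mktemp)
trap 'rm -f "$weak" "$hardened"' EXIT
printf '%s\n' '#PermitRootLogin no' 'Protocol 2,1' \
    'PasswordAuthentication yes' > "$weak"
printf '%s\n' 'Protocol 2' 'permitrootlogin no' \
    'PasswordAuthentication no' 'PubkeyAuthentication yes' > "$hardened"

audit_sshd_config "$weak"     || echo "weak config: $? finding(s)"
audit_sshd_config "$hardened" && echo "hardened config: clean"
```

On a real host, point `audit_sshd_config` at `/etc/ssh/sshd_config`; settings inside `Match` blocks are not evaluated by this check.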