0

I have noticed some changes on VPS Debian Squeeze and looked with history to see what commands were run. Then I found some which I'm 100% sure I didn't run because I don't know what are they. Somebody run some tools which suspect are some hackers stuff. Look at these commands:

gcc .ssyn.c -o ssyn
gcc .ssyn.c -lpthread -o ssyn
./ssyn someIP 52521 10 -1 600

gcc .slow.c -lpthread -o .slowloris
./.slowloris http://phplens.com/lens/php-book/optimizin
g-debugging-php.php 10 rien.txt 600

I have searched google, but I don't understand anything I'm afraid, I didn't care much about security before.

What are these tools? How to protect?

cikatomo
  • 149
  • 4

1 Answers1

4

This is what Slowloris is: http://ha.ckers.org/slowloris/. It's a tool that allows you to 'take down' other websites.

You've been hacked. They have your account details. Wipe your server, re-install it, and add some security this time.

Jay
  • 6,439
  • 24
  • 34
  • is there any other solution. To change passwords, make iptables? anything besides re-installing? like this http://xflix.wordpress.com/2012/05/24/securing-a-debian-based-vps/ – cikatomo Mar 23 '13 at 19:06
  • 2
    It's too late. You don't know what else they've added - they could have very easily changed your SSH so it emails them every password for every successful login, installed backdoors, anything. – Jay Mar 23 '13 at 19:08