Yesterday I noticed my server was running very slowly, so I checked the running processes and say the following:
./gma xxx.xxx.xxx.xxx 0 0 0
and in place of the x's was an ip. My pure-ftpd had been hacked and my server was performing a denial of service attack. Because I could not deal with the problem at the time, I shut the server off. I have restarted it and switched from pure-ftpd to pro-ftpd, and everything apears to be running normal. I checked all of my logs; and the only suspicious things I found were a feq connection attempts within one second of eatchother which all disconnected the same second. Anyway, now that I have eveything backonline, cpanel is extremely slow, and using the ssl port times out; as does whm, so I am at a loss for what to do; I know the hacked process isn't running, and I have restarted cpanel as well as the whole server, but it has not helped the situation. Any suggestions would be greatly appreciated.