Hi OK... Yesterday I found my server *seriously* crawling, so I checked the process list in WHM and killed a load of MySQL processes, which seemed to fix the problem. Hours later, I got home and found my datacenter had unplugged the server, apparently due to an exploit in the binary /tmp/conn (a port scanning exploit). Also, before it was unplugged, cPanel sent me a CPU warning about high CPU load processing the log file for a particular user. The same thing has happened roughly 24 hours later, although this time I was able to stop the server dying completely by rebooting it. I've absolutely no idea what's going on, I even secured my /tmp folders. Today's crash seemed to be as a result of a log check process using tonnes of CPU. It's all a big problem because the server is a VPS, and the datacenter are very strict if the box starts to hammer the host machine's CPU I need ot find out if I'm infected, and if so - what to do about it. Any ideas, anybody?