Urgent request : Server sending ~25mpbs UDP traffic out, need help. $ can be paid

[ShAwNz]

Hi

This is what i recieved from my provider

Dear customer,

It has come to our notice that starting from 1600hrs today (2/3/05), one of
the IP addresses assigned to you (xxxx) has been sending a flood of
UDP packets (~25Mbps) to xxxx port 53.

This is the second time in less than 4 weeks that your server has been
compromised and used to flood external machines.

As a precautionary measure, all traffic to/fro your server except for
Singapore One traffic will be blocked with immediate effect. This will allow
you to have access to your server to investigate this problem.

Please note that full access will only be restored upon satisfactory and
reasonable explanation as to how this incident was allowed to occured and
measures taken to prevent it from happening again. Your feedback will be
reviewed during office hours only.

Thanks for your attention and best regards,

Is there any reputable system admin within this forum willing to help ? I can pay (not alot) and also give you a monthly server managing job if you'd like. Again, i cant pay alot. Please as this is urgent, if you can help PM/post below with your MSN address. Thanks

 

[flash7]

Have you a phpBB forum?

 

[ShAwNz]

Yeah a couple of them ...

 

[flash7]

Update to last version (2.0.13)

 

[ShAwNz]

So how do i clean up the mess ?

 

[shivamxp]

flash7 just answered ur question

 

[ntwaddel]

ps aux and see if there are any wierd processes running

its probably running out of your /tmp, i would check there to see if theres any strange scripts in there

 

[AndyReed]

We can clean up the mess. Send us an email note at: [email protected]

Thanks