December 31st 2008
I’ve been hacked. It looks like they got in through a Roundcube vulnerability and used my system as part of a DoS with kaiten.c. I have turned the server off completely for now. I’m partway through changing all my passwords and I will format the server tomorrow.
What a pain in the arse. At least it looks like script kiddies instead of anyone out to get me personally. Before I wipe the box I am going to have a look to see what they did; I will write it up if it’s anything interesting.
Rootkit Hunter said the box is clean. Anyone know of good ways / tools to see what the nob-head did?
Edit: It was my email server so if you don’t get a reply from me for a couple of days you know why.