Thanks for inputs. Found the culprit. :-)
Found that some cracker entered on Dec 3 as user saravanan. He runs so many ssh daemons and does a lot of port scans to other servers.

    ps aux | grep ssh | wc -l
    450

Found so many processes like ./ssh 270 and ./x

There should not be any separate process like ./ssh and ./x, so I searched in /home/saravanan. Hahaha. Here, the thief lives.

Found some hidden folders as ".a" ".c" ".d" and "h" in /home/saravanan

In the folders there are so many scripts to call ssh and do portscans and try various username/password combinations by using a brute-force algorithm. This made our server scan many servers, and they mark us as spam.

I deleted the .a .c .d h folders and killed all ssh processes.

As per arun khan's suggestion, requested the remote server admin for a re-install. :-)

After the re-install, I will put the firewall rules as per raja's suggestion. Will hear arun sag's suggestions too.

Thanks a lot, friends.

The root causes of the issue are:

1. very very very weak password for user saravanan.
2. there is no firewall
3. no powerful logging methods
4. no limits on number of processes/disk space

Thanks.

--
Regards,
T.Shrinivasan

My experiences with Linux are here
http://goinggnu.wordpress.com

For Free and Open Source Jobs
http://fossjobs.wordpress.com
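The check described in the message above (spotting ./ssh and ./x among the process list) can be turned into a repeatable triage step. This is an added example, not part of the original post: the function names are hypothetical, and the sample process list, including the user "builduser", is constructed.

```shell
#!/bin/sh
# Added example: summarise processes launched via a relative path ("./name"),
# the pattern the post describes (./ssh and ./x running under one account).
# Input lines are "user pid command-line", as printed by:
#   ps -e -o user= -o pid= -o args=

# relative_path_procs: read ps lines on stdin and print "user command count"
# for every command that starts with "./", highest count first.
relative_path_procs() {
    awk '$3 ~ /^\.\// { seen[$1 " " $3]++ }
         END { for (k in seen) print k, seen[k] }' | sort -k3,3nr -k1,1 -k2,2
}

# flag_users: print "user count" for users with at least $1 such processes.
flag_users() {
    threshold=$1
    awk -v t="$threshold" '$3 ~ /^\.\// { n[$1]++ }
         END { for (u in n) if (n[u] >= t) print u, n[u] }' | sort
}

# Constructed sample input (not taken from the affected server).
sample_ps() {
    cat <<'EOF'
root 1 /sbin/init
root 812 /usr/sbin/sshd -D
saravanan 4101 ./ssh 270
saravanan 4102 ./ssh 270
saravanan 4103 ./ssh 270
saravanan 4110 ./x
builduser 5200 -bash
builduser 5201 ./configure --prefix=/usr
EOF
}

# On a live host, replace sample_ps with: ps -e -o user= -o pid= -o args=
sample_ps | relative_path_procs
sample_ps | flag_users 3
```

A single relative-path process (such as a build running ./configure) is normal, which is why flag_users takes a threshold instead of reporting every match.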