i configured my webserver to send me the results of a couple of security scans every night, and for months all was quiet and reassuringly unsurprising - until this morning when one of the commands comes back with a different output.
this is my crontab
And the last one comes back with the following output today:
You have 1 process hidden for readdir command
You have 1 process hidden for ps command
Warning: Possible LKM Trojan installed
eth0 is not promisc eth0:1 is not promisc
The chkrootkit warning is now no longer appearing when i run it - is that a good or a bad sign???
My contract with my ISP is fixed bandwidth, so I can't get any huge bills because of a spammer abusing my server, but I wouldn't want my IP address to get into the spam police's bad books.
I'm obviously going to research this as much as I can on google, but can anyone point me at a decent doc or resource on what I can do now?