LinuxQuestions.org


alexberk 05-24-2005 02:50 AM

SSH login attempts - how to get rid of the automated malware?
 
Hi.

My ISP reported to me that my Linux server is attacking other servers with these automated sshd requests. And it exactly matches the problem described in the "SSH login attempts" thread.
I am a bit new to working with Linux and I wanted to ask for your help.
How can I stop it? How can I prevent my server from sending those sshd requests?

Thank you in advance, Alex

tredegar 05-24-2005 04:57 AM

This is probably bad news: Your server has been compromised / broken into. Unplug its internet connection NOW!
You can no longer trust your computer.
Probably the best thing to do is remove the disk with the compromised OS, and put it aside for later forensic analysis.
Reinstall to a new disk. Make sure you have a proper, difficult-to-guess root password.
Do not run services you do not need (rsh, ssh, webservers, nfs etc).
Install a firewall.
Mount your compromised disk and try to find out who broke in and how.

Good luck!
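
For the "find out who broke in and how" step above, an added example that is not part of the original posts: a Python triage pass over the sshd authentication log copied from the compromised disk, listing logins that succeeded after repeated failed passwords from the same address. The function name, threshold and sample log lines are constructed for illustration; where the log lives on the mounted disk depends on the distribution (for example `var/log/auth.log` or `var/log/secure`).

```python
import re
from collections import Counter

# sshd auth messages; older OpenSSH releases log "illegal user" instead of "invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?(\S+) from (\S+)")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+)")

def brute_forced_logins(lines, threshold=3):
    """Return (ip, user, method, prior_failures) for every accepted login that was
    preceded by at least `threshold` failed passwords from the same source IP."""
    failures = Counter()
    hits = []
    for line in lines:
        m = FAILED.search(line)
        if m:
            failures[m.group(2)] += 1  # count failures per source address
            continue
        m = ACCEPTED.search(line)
        if m:
            method, user, ip = m.groups()
            if failures[ip] >= threshold:
                hits.append((ip, user, method, failures[ip]))
    return hits

# Constructed sample lines using documentation IP ranges (not taken from the thread).
SAMPLE = """\
May 23 03:10:01 host sshd[2101]: Failed password for illegal user test from 203.0.113.7 port 40112 ssh2
May 23 03:10:03 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40115 ssh2
May 23 03:10:05 host sshd[2105]: Failed password for root from 203.0.113.7 port 40119 ssh2
May 23 03:10:08 host sshd[2107]: Accepted password for root from 203.0.113.7 port 40123 ssh2
May 23 09:00:11 host sshd[2300]: Failed password for alex from 198.51.100.20 port 51000 ssh2
May 23 09:00:20 host sshd[2302]: Accepted password for alex from 198.51.100.20 port 51002 ssh2
May 23 09:30:00 host sshd[2400]: Accepted publickey for alex from 192.0.2.5 port 52000 ssh2
""".splitlines()

if __name__ == "__main__":
    # To read a real log instead: brute_forced_logins(open(path, errors="replace"))
    for ip, user, method, n in brute_forced_logins(SAMPLE):
        print(f"{ip} logged in as {user} via {method} after {n} failed passwords")
```

Read the log from a read-only mount of the old disk, and treat an empty result as inconclusive: an intruder with root access can edit or delete these logs.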


All times are GMT -5.