LinuxQuestions.org


Rastus 11-10-2009 10:06 PM

Server hacked with phishing files
 
Hello,
My server has been hacked, and I am trying to resolve it. I have been working through the list of security tips here --> http://www.yolinux.com/TUTORIALS/Lin...tSecurity.html <-- Up till now, I could delete the folders the hacker created; now I can't. I log in as root and when I try to delete them using rm -rf (directory name) I get permission denied. That's the most urgent thing I need help with.. My hacker is smarter than me it would appear, which right now is not saying much. Then I need to find out how he got in and is still getting in.. This is a dedicated server running Redhat EL 4.6-32. Hope all that made sense.. I'm kinda stressed right now..

Any help or insight offered is greatly appreciated.
Kenny

unixfool 11-10-2009 10:24 PM

I'm gonna say to try the standard and highly recommended CERT Intrusion Checklist first before doing anything else...and ignore recommendations to immediately reinstall your distribution, as you'd only get rehacked...the object is to learn how the server got cracked and learn from the experience.

Rastus 11-10-2009 10:51 PM

Thanks.. going there now

