28 Aug
2008
28 Aug
'08
10:39 a.m.
At a technical level, take an image of the disk (or as MJR says, replace it) and rebuild the box from the ground up. You found one root kit but unless you can verify the integrity of every executable and library on that box (with off machine tools in case the tools themselves have been compromised) Then you really don't know what else might have been done.
Of course I typed rootkit there where I meant backdoor.
Also if you have the originating IP then it may be worth looking it up and reporting the abuse to the ISP concerned, if it is a compromised box then the owner deserves to know and if they were stupid enough to attack you directly then they are in breach of the ToS on their connection.