Being attacked is one thing; being owned is another. While DDoS/DoS can be countered by your operator and, as a last line of defense, by yourself (or your BOFH), being owned usually means someone exploited your code, either through SQL injection or another security vulnerability. Finding the full extent of an infiltrated server can take some time and is a very demanding task. There are scripts which might work up to a point, but usually the diagnosis and post-mortem are done with the file system read-only and by comparing the hashes of the files with a network copy/backup.
While I might help this one time for the fun of it (assuming it's a POSIX-compliant system), I won't fix other people's code.
Message me if you want my skills on this one!
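
The hash comparison against a backup mentioned in the post above, sketched as an added example that is not part of the original post. It assumes the suspect file system is mounted read-only and a trusted copy is reachable as a local path; the function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map relative path -> SHA-256. Symlinks are hashed by target, never followed."""
    digests = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames + dirnames:
            path = os.path.join(dirpath, name)
            h = hashlib.sha256()
            if os.path.islink(path):
                h.update(b"symlink:" + os.fsencode(os.readlink(path)))
            elif os.path.isfile(path):
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        h.update(chunk)
            else:
                continue  # real directories, FIFOs, devices are not hashed
            digests[os.path.relpath(path, root)] = h.hexdigest()
    return digests


def compare_trees(baseline_root, suspect_root):
    """Report paths that differ between a trusted copy and the suspect tree."""
    base, live = hash_tree(baseline_root), hash_tree(suspect_root)
    return {
        "modified": sorted(p for p in base.keys() & live.keys() if base[p] != live[p]),
        "added": sorted(live.keys() - base.keys()),
        "removed": sorted(base.keys() - live.keys()),
    }


def demo():
    """Constructed sample trees: one file changed, one added, one removed."""
    with tempfile.TemporaryDirectory() as backup, tempfile.TemporaryDirectory() as suspect:
        for root in (backup, suspect):
            Path(root, "index.php").write_text("<?php echo 'hello'; ?>\n")
            Path(root, "config.php").write_text("<?php $debug = false; ?>\n")
        Path(suspect, "index.php").write_text("<?php echo 'changed'; ?>\n")  # constructed change
        Path(suspect, "upload.php").write_text("<?php /* constructed extra file */ ?>\n")
        os.remove(os.path.join(suspect, "config.php"))
        return compare_trees(backup, suspect)


if __name__ == "__main__":
    print(demo())
```

Files listed under "added" or "modified" are the starting points for the post-mortem; a hash match only says the content equals the backup, so the backup itself has to predate the compromise.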