Hi - well if you've read the header you'll know I've had one of our Linux servers hacked by someone called "Mironov" and it's possibly due to the exploit in PROFTPD. There are files in the /tmp folder... one called 'miro' (executable) and a new directory containing some stuff. Has anyone had this attack before and if so is there a way to easily clean it up and patch the PROFTPD package to get it sorted?
This particular server has more than 200 websites on it, so I'm quite desperate to clean it rather than having to rebuild it.
Can anyone help with this please?
Mucho appreciated - looking forward to your answers.