Script Haxxors!
Sometimes I wish that Panda Antivirus worked on a Linux server. We had a server go rampant this morning, ramping its load from 0.25 to 299 (and higher), and the network traffic flipped a lid. When I finally got logged back into it, I discovered a file in a world-writable directory that was a user-space FTP daemon (indiftpd). It was, of course, running and listening on port 1940. Someone had put about 16GB of info on our server and it was being downloaded all over the net.
This server’s under suspicion now; I’ve removed the files and the daemon and I’ve fixed the world-writable directories. And then I went and made an MRTG page with just the network traffic information on it for each of the servers I maintain.
I’m giving serious thought to implementing iptables on all of these servers, though, and not merely the firewall. It’d be nice to know that it’s just me and a select group of freedom fighters who can connect to port 22 (sshd).
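
The two conditions behind this incident, a world-writable directory and an unexpected listener (port 1940), can each be checked with a short script. This is an added example, not part of the original post; the function names, the port allowlist and the sample `ss -Htln`-style output are constructed for illustration.

```shell
#!/bin/sh
# Added example: two triage checks for the kind of incident described above.

# List directories under ROOT ($1) that are world-writable and lack the
# sticky bit, i.e. any local user can create, rename or delete files there.
# -xdev keeps the walk on one filesystem.
world_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null
}

# Read `ss -Htln`-style lines on stdin and print the local "addr:port" of
# every TCP listener whose port is not in the space-separated allowlist $1.
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            local_addr = $4            # e.g. 0.0.0.0:22 or [::]:22
            port = local_addr
            sub(/^.*:/, "", port)      # keep only the text after the last colon
            if (!(port in ok)) print local_addr
        }'
}

# Constructed sample input; 1940 is the port mentioned in the post.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 5 0.0.0.0:1940 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'

# Allowlist of expected ports (assumption: this host should serve only 22 and 80).
printf '%s\n' "$SAMPLE_SS" | unexpected_listeners "22 80"   # prints 0.0.0.0:1940
```

On a live host, feed `unexpected_listeners` from `ss -Htln` and point `world_writable_dirs` at the filesystem roots that untrusted accounts or web applications can reach.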
