VPS got Hacked with IptabLes IptabLeX
Hi. I have over 60 VPS's from various providers here all running the exact same setup, but for the past month my Weloveservers VPSs keep getting compromised and sends out-going ddos attacks by using these 2 files inside /boot/
There are no login logs or anything.
It was a completely new Centos 5 32bit install with only httpd (apache) hosting a web page.
I have turned off the VM for now instead of reinstalling it so we can possibly investigate it.