Today at my job (I’m new here), we suffered an attack on one Debian server. Our provider warned us, and I saw what had happened. I found several processes scanning IP ranges and increasing the load on the server. They run under a user account, not root (lucky :). I’ve run 2 rootkit checks and cleaned up every suspicious file.
How did they gain access? With the basic principles of security… passwords. My Luser has the same password as his username. I guess people don’t understand the basics of computer science…