Still waiting for my host to pull the box to reload... I've called numerous times, and their attitude sucks... And they're only gonna charge me $175 to slap a new image on it... Grrr... I'm getting tempted to do the rm -rf / myself...

I tried to pull down the CGI, and NAV wouldn't let me, stating that it was infected with Linux.RST.A... SARC has no info on it though... Remote Shell Trojan???

So here's what I'm gonna do once I get reloaded... Please let me know if I'm missing something...

1. Disable Telnet
2. Disable FTP (will use sftp through ssh?)
3. Setup IPTABLES to block all ports but 22, 80, 443, 25, & 110 ???
4. Reinstall all IDs w/ new passwords
5. Reload all data & tables (checking PHPs for changes)
6. chattr my binaries

Should this be enough to keep kiddies out while I'm figuring out how to use Tripwire & LIDS???

Does mysql need to have a /bin/bash account?

Don't you like it when I cram 38 lame questions in 1 post?

Thanks everyone for your help...

James...