server hacked – cron continue to run [duplicate]
This question already has answers here: How do I deal with a compromised server? (13 answers) Closed 7 years ago. Someone accessed my EC2 Ubuntu 14.04 and installed some malicious cron to do port scanning with user eric. I removed user eric and the file executed, but in syslog I see Sep 19 15:27:01 ip-xxx … Read more