I had posted this at the bottom of the other hacked thread.
Both my servers have been hit too:
my real server and my home/backup server.
Not sure if it is the same issue or not.
Webmin version 1.801 Virtualmin version 5.04
Operating system CentOS Linux 6.8
I run chkrootkit and see ‘suckit’ infected:
Searching for Suckit rootkit… Warning: /sbin/init INFECTED
I see that I had a (hacked) script running on the server, /etc/webmin/status/monitor.pl,
and it produces files in /tmp/.webmin:
d--------- 2 root root 4096 Aug 7 11:25 204159_2211_2_status.pl
d--------- 2 root root 4096 Aug 7 11:25 24501_2089_2_monitor.pl
d--------- 2 root root 4096 Aug 7 11:10 248937_25009_2_status.pl
d--------- 2 root root 4096 Aug 7 11:45 289317_6865_2_status.pl
d--------- 2 root root 4096 Aug 7 11:15 333563_32736_2_status.pl
d--------- 2 root root 4096 Aug 7 11:15 371546_32619_2_monitor.pl
d--------- 2 root root 4096 Aug 7 11:30 469862_3129_2_monitor.pl
d--------- 2 root root 4096 Aug 7 11:20 474562_1179_2_monitor.pl
SELinux has caused major problems too; I am still trying to sort that out.
I rebooted my home server and am now unable to boot it up due to a kernel panic. I can get access through the terminal, but only in limited shell mode. I tried a USB live distro but still cannot get in.
I also get rm command not found, which means I can’t delete any of the hacker’s files. So now I have a script changing permissions to 000 that stops the files getting accessed.