– Pierre-Marc Bureau @ welivesecurity.com
In the news there are increasing reports of Linux servers being compromised and turned into spam-bots or hosts for malicious websites. As a Linux admin I see scores of spam e-mails coming through my /var/log/syslog file and username/password guesses on SSH, e-mail, and website login forms. It is important that any Linux admin keep current on updates and lock down unneeded applications and ports. Webmasters need to keep their Joomla, Drupal, and WordPress installations at the most recent stable releases. Also, in applications like WordPress, plugins can be security risks and should be updated frequently or disabled if no longer needed.
The Windigo campaign has affected more than 25,000 Linux servers and sadly is not easily removed. If you find that your server has been compromised, it is recommended that you do a clean install of your server and not attempt a repair.
There is a command you can run to see if your current Linux system is infected: