How to deal with malicious kcached processes

If you find something like below on your server, be sure you’ve detected malicious activity

username 2156075 0.0 0.0 2848 2660 ? Ss Feb09 0:00 [kcached]
username 2156076 0.0 0.0 2852 2660 ? S Feb09 0:01 \_ [kcached]

You can use the lsof command to determine which processes have the files open and whether they are being used for legitimate purposes.… Read the rest

Tune user’s crontab files

–°rontab adding MAILTO into user's files to prevent mail sending

cd /var/spool/cron && for i in `ls *[a-z]*`; do if ! grep "MAILTO" $i; then sed -i -e '1 s/^/MAILTO=""\n/;' $i; else echo "MAILTO is exist for $i"; fi; done

Remove not existent email address from user crontab to prevent bounces

sed -i -e 's/MAILTO\=.*/MAILTO\=""/g'
Read the rest