Damn it! So fast my site is hacked.

[skyfolly]

How do I noe If there is a thing planted in my system?

[Dolda2000]

Check what processes are running with ps. If you're rooted it might be worse, though. If you suspect that you've been rooted, check and compare the outputs of these commands:

Code:

ls -d /proc/[0-9]* | wc
ps -Am h | wc

You can also check a list of files modifed the last day with this:

Code:

find / -mtime 1 2>/dev/null

Also, check what files have been put in all world writable directories:

Code:

find / -perm -0007 -type d -exec echo {} \; -exec ls -la {} \; 2>/dev/null

[Dolda2000]

Oh yeah, I forgot. Almost most importantly, check what processes are running with deleted executables. Remember that there are some kernel processes that don't have executables, like rpciod, kswapd and the like, so don't be too alarmed. This will list you a good list of PIDs doing that:

Code:

for proc in /proc/[0-9]*; do if ls -l $proc/exe 2>/dev/null | grep -q deleted; then basename $proc; fi; done

[skyfolly]

Phew, I am very confused here, Dolda, Thanks a lot man! you are the man!!!
I decided to reinstall my server all over again, since no data is special in my system. luckily.

dunno why, he or she? just changed my site name to New Linux Era, I am 100% sure I did not change it. and the network went down itself, I had to reset my router and ADSL modem.

[Dolda2000]

I'm guessing that could have been a problem with your modem or router. It has happened once or twice that my switch has stopped routing packages, and once my modem hung as well, so that I needed to restart it (by unplugging the power cable and plug it back in).