Hi. I just got some services (mysql, postfix, cvs...) shut down, took a look at /tmp, and found a miro.tgz and a "miro" executable. On the executable you can read: .-= Backdoor made by Mironov =-. .-= Running =-. I don't know how much this attack may have compromised the system. Under /var/log/ there are no clues on how they may have entered, /var/log/messages has been deleted. Directories like /tmp or /var have changed permissions since the attack to 700 Now ssh works really slow unless connected to Internet, and I feel very unconfortable about connecting this server again to the Internet. The systen is a SuSE 8.1, I had it a little forgotten lately, tough. Doesn anybody know anything about how they may have entered the system and how can I arrange it? I'm seriously thinking about installing a SuSE 9.0, but want to know what happened before doing anything. Thaks in advance.