Also after running that as Matt said, if you are on a public IP, you can check your processes running for something running with iptables in the name with an extra letter. The most common exploit version for this was run as ./boot/iptablesb making someone without a lot of Linux knowledge think it was just something common that iptables ran from boot. You will also notice your server getting more and more laggy over a short period of time as the script run outbound DDoS commands and flood time increases the longer the script runs undetected.