Formerly Da Bookie Mon
To check if your server or VPS has been attacked:
SSH to your server as root.
Run this command:
ls /lib64 | grep libkeyutils.so.1.9
If it just goes back to the # prompt, you're currently safe.
If you get a grep reading, your server/VPS has been compromised.
Again, there is no patch or fix for this yet, only preventive measures.
1) Lock all users on your server from using SSH
2) Go into /etc/ssh/sshd_config and restrict SSH login to only your home IP
3) Install or update to the latest CSF firewall, updated today. It searches for libkeyutils.so.1.9 and notifies you by mail if it is added to your server
4) In CSF, block 184.108.40.206/24. This is the call-home IP block the script sends info to.
I will update this thread as more info or a fix is found. DO NOT use any of the "remove so-19" bash scripts going around since this afternoon; the script contains cd /;rm -rf *;reboot;
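Added example, not part of the original post: a small shell check that looks for the exact filename named above (the grep in the post treats each dot as a wildcard and matches substrings) and that inspects a downloaded "removal" script for the destructive command sequence before anyone runs it. The function names are hypothetical, and also checking /lib besides /lib64 is an assumption.

```shell
#!/bin/sh
# Added example; not from the original post.
IOC_NAME='libkeyutils.so.1.9'   # filename given in the post

# find_ioc DIR...
# Prints the full path of every exact match; returns 0 if any was found, 1 otherwise.
# Uses an exact path test, so libkeyutils.so.1.3 or other near-misses do not trigger it.
find_ioc() {
    found=1
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # -L also catches a dangling symlink with that name
        if [ -e "$dir/$IOC_NAME" ] || [ -L "$dir/$IOC_NAME" ]; then
            printf '%s\n' "$dir/$IOC_NAME"
            found=0
        fi
    done
    return $found
}

# script_is_destructive FILE
# Returns 0 if FILE contains a recursive rm aimed at "/" or "*",
# the pattern quoted in the post (cd /;rm -rf *;reboot;).
script_is_destructive() {
    grep -Eq 'rm[[:space:]]+-[[:alpha:]]*[rR][[:alpha:]]*[[:space:]]+(/|\*)([[:space:];]|$)' "$1"
}

# Stand-alone run: check the directory from the post, plus /lib (assumption).
if find_ioc /lib64 /lib; then
    echo "WARNING: $IOC_NAME is present (see path above)"
else
    echo "$IOC_NAME not found in /lib64 or /lib"
fi
```

To vet a cleanup script before running it, call script_is_destructive /path/to/script and read the file by hand if it returns 0.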