Re: pam, ssh, user account vulnerability
"Chiefy" <lgb@non.existent.invalid> wrote in message
news:slrndjjgjo.6m5.lgb@aztec.eclipse...
> 27 Sep 2005 20:34 UTC, Lenny G. typed:
> [snip]
>> Somehow, my pam.d configs don't seem to work anymore --
>
> If you have no way of knowing what has been changed, it might be a good
> idea to re-install.
Agreed. The rootkit weasel may have changed your libraries to mis-report
checksums or created libraries that RPM doesn't know about.
Next time, configure your SSH to only allow access to specific accounts, or
to block specific accounts such as your son's. And if you have the chance,
please contact the administrators of the site that the attack is coming
from. They've probably been root-kitted too, or at least may want to slap
the script kiddie for misusing their resources.
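
The per-account restriction suggested in the post above corresponds to the AllowUsers and DenyUsers directives in OpenSSH's sshd_config. The script below is an added example, not part of the original post: it reports which accounts a configuration would admit, assuming plain names or * / ? wildcard patterns only; the sample configuration and account names are constructed.

```shell
#!/bin/sh
# Added example: report whether an account passes the AllowUsers/DenyUsers
# directives of an sshd_config-style file. Assumption: patterns are plain
# names or * / ? wildcards; USER@HOST forms, negation and Match blocks are
# not handled.

# Print every argument of the given keyword (keywords are case-insensitive,
# and repeated AllowUsers/DenyUsers lines accumulate).
directive_args() {  # usage: directive_args KEYWORD FILE
    awk -v kw="$1" 'tolower($1) == kw { for (i = 2; i <= NF; i++) print $i }' "$2"
}

# Succeed if USER matches any of the remaining pattern arguments.
matches_any() {
    user=$1; shift
    for pat in "$@"; do
        case $user in $pat) return 0 ;; esac
    done
    return 1
}

# sshd checks DenyUsers first, then AllowUsers; once any AllowUsers
# pattern exists, accounts that match none of them are refused.
ssh_user_allowed() {  # usage: ssh_user_allowed FILE USER
    set -f  # keep * and ? in patterns from expanding to file names
    deny=$(directive_args denyusers "$1")
    allow=$(directive_args allowusers "$1")
    result=0
    if matches_any "$2" $deny; then
        result=1
    elif [ -n "$allow" ] && ! matches_any "$2" $allow; then
        result=1
    fi
    set +f
    return $result
}

# Constructed sample configuration and account names.
sample_cfg=$(mktemp)
cat > "$sample_cfg" <<'EOF'
PermitRootLogin no
DenyUsers kid guest*
AllowUsers alice backup
EOF

for u in alice backup kid guest01 mallory; do
    if ssh_user_allowed "$sample_cfg" "$u"; then echo "$u: allowed"
    else echo "$u: refused"; fi
done
```

On a live system, check the edited file with `sshd -t` before restarting the daemon, and keep an existing session open until a new login has been confirmed.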