
Re: Hack attempt



Hi,

This is a "root kit" downloaded to wipe the logs, set up an IRC server,
replace BIND, etc.
psybnc is described here: 
http://216.239.39.104/translate_c?hl=en&u=http://www.netknowledgebase.com/tutorials/psybnc.html&prev=/search%3Fq%3Dc-leet.dir%26hl%3Den%26lr%3D%26ie%3DUTF-8%26sa%3DG

You should wipe the machine and reinstall.  Then keep PHP, Apache, and
Linux patches up to date.  Try to run Apache as an account that can't
run wget and other system utilities.
Maybe run the Bastille scripts.  Here is one description of them:
http://www.sans.org/rr/papers/32/195.pdf
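
An added example, not part of the original message: a small audit that lists which download and build tools a given web server account is able to execute, based on classic Unix mode bits. The tool list and the default account name `www-data` are assumptions; ACLs, `noexec` mounts and MAC policies (SELinux, AppArmor) are not evaluated.

```python
import os
import pwd
import shutil
import stat
import sys

# Tools named in the message plus common equivalents (this list is an assumption).
TOOLS = ["wget", "curl", "fetch", "lynx", "ftp", "nc", "perl", "gcc", "cc"]


def can_execute(st, uid, gids):
    """Classic Unix check: only the first matching class (owner, group, other) applies."""
    mode = st.st_mode
    if uid == 0:  # root may execute a file if any execute bit is set
        return bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    if uid == st.st_uid:
        return bool(mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)


def runnable_by(uid, gids, paths):
    """Return the subset of paths that are regular files the given uid/gids can execute."""
    result = []
    for path in paths:
        try:
            st = os.stat(path)  # follows symlinks, e.g. /usr/bin/cc -> gcc
        except OSError:
            continue  # missing or unreadable path: nothing to run
        if stat.S_ISREG(st.st_mode) and can_execute(st, uid, gids):
            result.append(path)
    return result


def audit(account):
    """Look up the account and report which TOOLS found on PATH it can execute."""
    pw = pwd.getpwnam(account)
    gids = set(os.getgrouplist(account, pw.pw_gid))
    # shutil.which searches the PATH of the auditing user, so run this as root.
    found = [p for p in (shutil.which(t) for t in TOOLS) if p]
    return runnable_by(pw.pw_uid, gids, found)


if __name__ == "__main__":
    account = sys.argv[1] if len(sys.argv) > 1 else "www-data"
    for path in audit(account):
        print(f"{account} can execute {path}")
```

An empty result after tightening permissions (for example mode 750 with a group the web server account is not in) shows the account can no longer invoke those binaries directly.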