I thought I had cleaned it all out. I removed the user accounts he created. I removed the cron jobs that he added. I changed the root password. I closed ftp (which was how he got in in the first place). Everything seemed fine, until I logged back in this morning.
My logfiles were pointing at /dev/null. Basic detection scripts like ps and netstat weren’t working.
I shut the machine down.
Tonight is not going to be fun.
What motivates these bastards to do this? “Because they can”? Not only are the inconveniencing me, they’re inconveniencing the 20 or so people who use my machine as an IRC server, as well as the handful of friends who have accounts on the machine. Yes, I should be the better sysadmin and keep my machine secure, but dammit I thought I was. It’s not like there’s any useful data on that machine. Go bug someone else.
I hate this. Hate hate hate hate hate hate hate hate. When one bastard can download a script and push a button, and it takes up almost a day of my time to fix, something’s wrong with this world.