(Uups spoke too soon!! Looks like Ubuntu 8.04 LTS / ISPConfig 2's are also vulnerable.)
Also found them in Debian 5.0.3 / ISPConfig 3's so far.
If your server has been used to hack other servers you can see something like this in 'name'.seen file.
server.name.com none 1267130228 2 Quit: I'll get you for this!!!
m1n2b3b3b email@example.com none 1267471837 3 l3iliboi--
l3iliboi`- firstname.lastname@example.org none 1267392327 3 l3iliboi
l3iliboi email@example.com none 1267426060 2 Read error: Operation timed out
Also crontab -e will show your crontab emty execpt a command that will call /usr/lib/.x/update file.
Last edited by SamTzu; 1st March 2010 at 23:32.