I have some strange problems on my server, starting last night.
Every minute root gets this mail
Cron <root@www> chown root:root /tmp/w00tt && chmod 4755 /tmp/w00tt && rm -rf /etc/cron.d/core && kill -USR1 2584
/bin/sh: line 0: kill: (2584) - No such process
I run SSH on a non standard port.
But suddenly SSH is back on port 22.
I checked my /etc/ssh/sshd_config and it is configured with the port I want.
I use ISPConfig, and I have opened the firewall for the non standard SSH port.
I also see that a root login was performed
ALERT - Root Shell Access on: Mon Apr 14 05:02:13 CEST 2008
This usually logs IP adr or says tty1.
It is after this login the messages begin to come for root.
Strange, I use a non standard SSH port, and a very secure password for root.
Any tips here