Just got email from server provided complaining about spamming from your server? CPU usages is higher than expected? Some process toke all your memory? Or OS acting weird?
Example snippets are relevant to Debian/Ubuntu, try look for command for different linux distribution.
Change password for both root and your user. Follow stackoverflow.
Check what changed in /etc and /var in last 2 days:
find /etc -mtime -2
find /var -mtime -2
If you haven’t changed it, somebody did. Decide what to do with that changes.
sudo apt-get install clamav sudo freshclam sudo apt install clamav-daemon
Search for infected files:
sudo clamscan --max-filesize=3999M --max-scansize=3999M --exclude-dir=/sys/* -i -r /
Checks for signs of a rootkit:
sudo apt-get install chkrootkit
You might get some false positive, don’t panic. Google.
Security vulnerabilities comes with negligence, update your OS:
sudo apt-get update && time sudo apt-get dist-upgrade
Some great links that I found:
StackExchange – How do you know your server has been compromised?