[no subject]

File uid.c contains
#include <unistd.h>
main ()
{
setguid(0)
setuid(0)
excel("/bin/sh","/bin/sh",NULL);
}

There are also new config files for ssh in /etc

He tries my email machine at Dec 31 06:46:37
Redhat 5.0
ssh 1.2.26-4i
Same IP number but PAM_pwdb (su) session opened fro user bla by bla2(uid=0)
There is a .bash_history file again in tmp Dec 31 07:02 with simular info as above.
New ssh config files in /etc

He logs into my name server/proxy machine at Dec 31 14:48:56
Redhat 5.0
ssh 1.2.26-4i
Same IP number and same info in .bash_history file and new ssh config files in etc

How can I keep this person out of our system??


Thanks
Michael