Welcome to WebmasterWorld Guest from 220.127.116.11
Forum Moderators: phranque
It would be very helpful to know how the system has been comprimised. Has the intruder gained root access (to the operating system) or has an OpenBB vulnerability been utilized (or both)? What was the exploit? Check the logs and search for descriptions of OpenBB exploits. In the meantime, your friend should take the machine off line. In the end, it will probably need to be scrubbed and everything installed from scratch (after you've found out what hole to plug).
Hope this helps you get started.