VPS hacked - trail to hacker

         

3bees

12:22 pm on Aug 7, 2006 (gmt 0)

10+ Year Member



I had a situation where my VPS was hacked and the person who did it placed some code on every index.html, .htm, .shtml page they could, using some script.

Now the code iframes an index.php file on presumably their site, which runs some code loading an .exe file and probably a bunch of other stuff I don't understand, and I am wondering what the next best steps are.

I have removed the code from as many places as I could find, but it seems that their site is still operating, so I am trying to work out where to report them which will have the most effect.

Any suggestions?
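A check for leftover injected iframes like the ones described in the post above, as an added example that is not part of the original thread: it walks a document root, inspects every .html, .htm and .shtml page, and reports iframes that load from a host outside the site's own, noting whether the frame is hidden. The host names, file layout and function names are constructed for illustration; a clean result covers only page content, not other changes made on the server.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

PAGE_SUFFIXES = {".html", ".htm", ".shtml"}
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)
# Zero or one pixel sizes and CSS hiding are typical of injected frames.
HIDDEN_RE = re.compile(
    r"""(?:width|height)\s*[=:]\s*["']?[01](?:px)?\b|display\s*:\s*none""",
    re.IGNORECASE)

def scan_page(text, own_hosts):
    """Return (line_no, host, hidden) for each iframe loading from a foreign host."""
    findings = []
    for m in IFRAME_RE.finditer(text):
        tag = m.group(0)
        src = SRC_RE.search(tag)
        if not src:
            continue
        host = (urlparse(src.group(1)).hostname or "").lower()
        if not host or host in own_hosts:
            continue  # relative URL or one of the site's own hosts
        line_no = text.count("\n", 0, m.start()) + 1
        findings.append((line_no, host, bool(HIDDEN_RE.search(tag))))
    return findings

def scan_docroot(docroot, own_hosts):
    """Scan every page under docroot; return {relative_path: findings}."""
    results = {}
    for path in sorted(Path(docroot).rglob("*")):
        if path.is_file() and path.suffix.lower() in PAGE_SUFFIXES:
            text = path.read_text(encoding="utf-8", errors="replace")
            hits = scan_page(text, own_hosts)
            if hits:
                results[path.relative_to(docroot).as_posix()] = hits
    return results

def demo():
    """Build a constructed docroot (sample pages, placeholder hosts) and scan it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "shop").mkdir()
        (root / "index.html").write_text(
            '<html><body>\n<h1>Home</h1>\n'
            '<iframe src="http://injected.example/index.php" width=0 height=0></iframe>\n')
        (root / "shop" / "index.shtml").write_text(
            '<iframe src="/cart/widget.html"></iframe>\n'
            "<IFRAME SRC='//injected.example/index.php' style=\"display:none\">\n")
        (root / "about.htm").write_text(
            '<iframe src="http://www.mysite.example/map.html" width="400"></iframe>\n')
        return scan_docroot(root, {"www.mysite.example"})
```

Running `scan_docroot` against the real document root with the site's own host names in `own_hosts` lists each page and line that still needs cleaning.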

lammert

9:37 am on Aug 8, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Hackers know the backdoors of your system and as an average user it is almost impossible to clean all traces they left. Even if you think everything is clean, some backdoors might still be open for them to infect the system again and again.

The best thing you can do is contact the hosting company. They probably have more experience in these cases and their logfiles of various systems might indicate the source of the hacking so they can block it appropriately.

3bees

12:28 pm on Aug 8, 2006 (gmt 0)

10+ Year Member



lammert - thanks, I contacted them as soon as I found it, but I would like to try and get the website from which they are loading stuff disabled if possible. I am sure it's only one of very many, but at least it's something. It's a Russian site, which makes it more difficult to work out the appropriate reporting mechanism.

3bees

8:28 am on Aug 9, 2006 (gmt 0)

10+ Year Member



Can anyone suggest an effective place to report a Russian website which is related to a hacking event?

vrtlw

8:32 am on Aug 9, 2006 (gmt 0)

10+ Year Member



Can anyone suggest an effective place to report a Russian website which is related to a hacking event?

I know it is not really the answer you are looking for, but I would start with your server access lists.

stajer

9:50 pm on Aug 9, 2006 (gmt 0)

10+ Year Member



Sorry to hear about this 3bees. I would second what lammert said - your system is compromised and you need to act like they still have control even if you don't see it. Your best bet is to start over with a disk wipe or clean server. Put your efforts there rather than running down an .ru site.

3bees

3:31 am on Aug 10, 2006 (gmt 0)

10+ Year Member



stajer - thanks for your comments. I agree totally, that is my assumption, and I am working towards a complete rebuild. But before I do a complete reinstall of the VPS I need to get a few things sorted. It's on my to-do list.

But I'd still like to stuff them up just on principle.

So if anyone knows where in .ru to report it so it has some effect, let me know.