tmp hack


Turk
12-08-2005, 08:34 PM
Hello, only my tmp and shm are hacked.

/var/tmp
/dev/shm

When I'm logged in to my server I can see hacker files in tmp and shm.

When I run ps aux I can see the hacker's programs running: inetd, psybnc or other hacker programs. How can I block this hacker?

ozgreg
12-08-2005, 08:50 PM
First thing you need to do is find out how the hacker got into your system.. The most common tool for hacking right now is the XMLRPC libraries, which unless patched can be easily hacked with the hacker toolkits (scripts) going around the net right now...

Blocking a hacker is just a band-aid and would only block one form of attack. Most hackers are utilising spoofed IP addresses so you would not be successful anyway..

Make sure you run the root toolkit as well to clean up your system and speak to support as well..

Turk
12-09-2005, 02:53 PM
How can I find and delete hacker tools?

Hvu
12-09-2005, 04:26 PM
You can remove all of your tmp files.
rm -fR /tmp/*

Is your tmp mounted with noexec? Run "df" in root.
You should see
vzfs 314574 11 314563 1% /tm
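
An added example, not part of the original post: mount options such as noexec are listed in /proc/mounts, so this sketch resolves which mount backs /tmp, /var/tmp and /dev/shm (the longest matching mount point) and reports whether it carries noexec. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# audit_tmp [MOUNTS_FILE]
# Reads a mount table in /proc/mounts format (device mountpoint fstype options ...)
# and prints "<dir> <noexec|EXEC-ALLOWED> <options>" for each directory.
# Exit status is 1 if any directory is on a mount without noexec.
audit_tmp() {
    awk -v dirs="/tmp /var/tmp /dev/shm" '
        BEGIN { n = split(dirs, d, " "); for (i = 1; i <= n; i++) best[i] = 0 }
        {
            mp = $2
            for (i = 1; i <= n; i++) {
                # A mount backs the directory if it is "/", the directory itself,
                # or a parent of it. The longest mount point wins; on a tie the
                # later entry wins because it shadows the earlier one.
                if (mp == "/" || d[i] == mp || index(d[i], mp "/") == 1)
                    if (length(mp) >= best[i]) { best[i] = length(mp); opts[i] = $4 }
            }
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                if (("," opts[i] ",") ~ /,noexec,/) flag = "noexec"
                else { flag = "EXEC-ALLOWED"; bad = 1 }
                print d[i], flag, opts[i]
            }
            exit bad
        }
    ' "${1:-/proc/mounts}"
}

# Constructed sample mount table (not taken from the server in this thread).
sample_mounts() {
    cat <<'EOF'
/dev/root / ext3 rw 0 0
/dev/sda3 /var ext3 rw,nosuid 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
EOF
}

# Demo on the sample; call "audit_tmp" with no argument to check the live system.
sample_mounts | audit_tmp - || echo "at least one directory allows execution"
```

In the sample, /var/tmp has no mount of its own and inherits the options of /var, which is why it is reported as allowing execution. noexec only blocks direct execution; a script dropped there can still be run by passing it to an interpreter.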

Turk
12-09-2005, 04:33 PM
Yes, I'm only deleting my tmp and /dev/shm, but the hacker updates all the hacker files again. How the hacker logged in to my server I don't know.

safe_mode =on

disable_functions="system,exec,shell_exec,passthru,readfile,escapeshellarg,escapeshellcmd,popen,pcntl_exec"

Hvu
12-09-2005, 04:37 PM
Check that all your scripts are updated. Have you checked that you haven't been rootkitted?

Turk
12-09-2005, 04:52 PM
I haven't rootkit

ozgreg
12-09-2005, 06:29 PM
I haven't rootkit

Either ask support to install it (rkhunter) or install it yourself

http://www.rootkit.nl/

charles
12-10-2005, 01:08 AM
Turk, *PLEASE* contact support if you haven't already.

thanks
charles