My server has been hacked.
I noticed that I couldn't access its files remotely, so had a closer look. There were no files in my home folder.
I looked at the log of commands, and this is what I found.
wget <some file>
Does anyone have any advice? How did they get my password after inputting 'sudo su'? Should I reinstall the OS? Is there anything I can do to safeguard against this in the future? Is this a bot or human?
I know it's too late this time, but I don't want this to happen again, to me or anyone.
All comments appreciated.