I guess this will only grow in volume. Nobody seems to acknowledge the task of an admin who keeps things updated and secure and who can implement preventive security measures. It's mostly: hire someone as cheap as possible to install xyz on a rented dedicated box and forget about it.

Add some sloppy password policy and lots of PHP code that is neither sandboxed nor updated, and you'll have an easy time owning such machines.

And if it's hacked and disabled, it just gets reimaged. I guess most don't even notice if you don't do anything that gets on the provider's radar.

But honestly, even after toying around with Linux for more than 15 years, I'd have a hard time finding a rootkit in daily ops that successfully managed to load as a kernel module or via ld-preload.

Graphing the load, e.g. with munin, is sometimes useful, but that's more like having some post-mortem tools.
Scary to think how many more of such hacked servers are out there. I think dedicated server networks like OVH are easy targets, and that's just the tip of the iceberg.
URL changed from http://arstechnica.com/security/2016/06/meet-xdedic-the-site-selling-access-to-thousands-of-hacked-gov-and-com-servers/, which points to this.