Joseph Johnson wrote:
>> Yeah... you've been hacked.
> OK, so I wipe the drive and reinstall; how do I prevent it from happening again?
> Or if I leave it up can I catch whoever is messing around or at least figure
> out why?
> Joseph

Trying to catch these script-kiddies is a waste of time.  Chances are they're
using your box from _another_ hacked box... not directly from where they live.
Since your original hack-daemon is controlled by a box in Jordan, who are you
gonna call if you _do_ catch 'em?  In the US, unless you've suffered $10,000
in damages, the FBI's "National Infrastructure Protection Center Squad"
doesn't want to talk to you, while your state and local police probably can't
even spell Linux.

About your only _secure_ option is to re-install from square-one (remembering
to also add security updates provided by your Linux distributor).

To prevent a hacker reinfestation, if your Linux distribution contains an
automatically configured firewall, install it.  If not, get one (I recommend
PMFirewall for newbies, see http://www.pointman.org).

In addition to a firewall, consider obtaining and using:
	- tcp-wrappers
	- ip-logging 
	- shadow logging of system logs
	- tripwire
	- periodic backups to removable media
	- install ssh to replace rcp & telnet
	- turning off services you don't need (like rcp, telnet, ftp, ...)

and if you're still not scared away from Linux, have no life, and like to
read, consider obtaining (at a list price of $48.99) and reading "Linux System
Security" by Scott Mann and Ellen L. Mitchell (ISBN 0-13-15807-0, 2000,
Prentice-Hall).

Hope this helps'idly,

-S
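
One way to check two items from the list above (turning off unneeded services, and tcp-wrappers), as an added example that is not part of the original message. It assumes an inetd.conf-style service table and tcp-wrappers hosts.deny syntax; the function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit two items from the list (unneeded services, tcp-wrappers).
# Assumes inetd.conf-style service lines and tcp-wrappers hosts.deny syntax.

# telnet and ftp are named in the post; rcp runs over rsh, which inetd lists
# as "shell". "login" and "exec" (rlogin, rexec) are additions of this example.
RISKY="telnet ftp shell login exec"

# Print each enabled (uncommented) risky service found on stdin, once.
enabled_risky() {
    awk -v risky="$RISKY" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) bad[r[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { next }   # skip comments and blank lines
        ($1 in bad) && !seen[$1]++ { print $1 }
    '
}

# Succeed if the hosts.deny text on stdin has a catch-all "ALL: ALL" rule.
has_default_deny() {
    grep -Eq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL([[:space:]]|$)'
}

# Constructed samples, not taken from any real host.
SAMPLE_INETD='# constructed inetd.conf
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
#login  stream  tcp  nowait  root    /usr/sbin/tcpd  in.rlogind
auth    stream  tcp  nowait  nobody  /usr/sbin/in.identd  in.identd'
SAMPLE_DENY='# constructed hosts.deny
ALL: ALL'

# Summarise both checks for the constructed samples.
report() {
    found=$(printf '%s\n' "$SAMPLE_INETD" | enabled_risky | tr '\n' ' ')
    echo "still enabled: ${found:-none}"
    if printf '%s\n' "$SAMPLE_DENY" | has_default_deny; then
        echo "hosts.deny: default deny present"
    else
        echo "hosts.deny: no ALL: ALL rule"
    fi
}
report
```

On a real host, feed the two functions `/etc/inetd.conf` and `/etc/hosts.deny` instead of the samples.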