Joseph Johnson wrote: > > > > >> Yeah... you've been hacked. > Ok so I wipe the drive re install how do prevent it from happening again. > Or if I leave it up can I catch whoever is messing around or at least figure > out why? > Joseph Trying to catch these script-kiddies is a waste of time. Chances are they're using your box from _another_ hacked box... not directly from where they live. Since your original hack-daemon is controlled by a box in Jordan, who are you gonna call if you _do_ catch 'em? In the US, unless you've suffered $10,000 in damages, the FBI's "National Infrastructure Protection Center Squad" doesn't want to talk to you, while your state and local police probably can't even spell Linux. About your only _secure_ option is to re-install from square-one (remembering to also add security updates provided by your Linux distributor). To prevent a hacker reinfestation, if your Linux distribution contains an automatically configured firewall, install it. If not, get one (I recommend PMFirewall for newbies, see http://www.pointman.org). In addition to a firewall, consider obtaining and using: - tcp-wrappers - ip-logging - shadow logging of system logs - tripwire - periodic backups to removable media - install ssh to replace rcp & telnet - turning off services you don't need (like rcp, telnet, ftp, ...) and if you're still not scared away from Linux, have no life, and like to read, consider obtaining (at a list price of $48.99) and reading "Linux System Security" by Scott Mann and Ellen L. Mitchell (ISBN 0-13-15807-0, 2000, Prentice-Hall). Hope this helps'idly, -S