I'm pretty sure that my Linux box at home has been hacked, and I am not sure what to do next.  I found a Samba share called [radio] and a directory /tmp at root that was just recently created with suspicious files.

The box in question has Slackware 10.2 and is sitting behind a Netgear router.  The only hole between the internet and the box was port forwarding for SSH on a non-standard port.  I am pretty sure I disabled the root login via SSH. I suppose that this could have been brute-forced - my SSH login is 10 chars and only 3 of them are non-alpha.  Because I'm just running the box at home, and still learning, I have been lax about setting up any rights management.  So if someone did get in through SSH, they pretty much had full access immediately.

Once I get home from work today, I want to be able to bring my system back up, but not before I am certain I have closed off all vulnerabilities.  Then I'd also like to set up some form of IDS, but I do not know if that is above my skill level.  Of course, I gotta learn some time, so I might as well now?

Any advice is appreciated.  And I'll see you at the east side user group tomorrow.

Thx
Jason