I've been hacked!


wojohowski
03-06-2001, 04:53 AM
Here is the deal. There is a program in my root directory that was not there the last time I looked, and when I run the program it says "welcome hackers and the hacked alike".

How do I find incoming connections, or the install times and UID of whoever installed it? How do I close off every single port except for http(d) and https? This is all I would need.

Thanks,
Scott

optech
03-06-2001, 08:16 AM
To whomever answers his question:
Please post a link to where one can find information on how to do this.

Mountainman
03-06-2001, 09:02 AM
What kind of security are you running? Do you have a firewall of any sort? I recommend running pmfirewall. Easy to install and set up. I also recommend running portsentry after that. After that you might want to try snort. There is no such thing as a secure computer, but double or triple redundancy is a good place to start.

ph34r
03-06-2001, 10:38 AM
May as well reinstall. When you do, set up a good firewall (I like gShield), and tripwire.

triplehex
03-06-2001, 06:29 PM
wojohowski, the only problem is that if someone hacked in, they most likely deleted your logs that would have recorded the login and any attempts to gain access. I suggest running snort on a local machine to watch the ports on another box. Also, you may want to add a hosts.deny file in the /etc directory. /etc/hosts.deny looks like:

# shuts down all wrapped services to all connections
ALL: ALL

To leave the httpd intact, make a /etc/hosts.allow file:

# allows all access to httpd (the daemon name must match the server name tcpd sees)
inhttpd: ALL

[ 06 March 2001: Message edited by: triplehex ]
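The allow/deny pair above is only honoured by services that run under tcpd or are linked with libwrap, and the two files are read in a fixed order: hosts.allow first, then hosts.deny, with access granted if neither matches. The script below is an added example, not code from the thread; it models that order with a toy matcher (literal ALL and exact names only, none of tcpd's netmask or EXCEPT syntax) so a proposed pair can be checked in a sandbox directory before it is written to /etc. The daemon name "httpd" is an assumption; a standalone Apache that is not started by tcpd ignores these files entirely.

```shell
#!/bin/sh
# Added example (not from the thread): a toy model of how tcpd consults
# hosts.allow and hosts.deny. Files are written to a sandbox, never /etc.

SANDBOX=${SANDBOX:-$(mktemp -d)}
ALLOW="$SANDBOX/hosts.allow"
DENY="$SANDBOX/hosts.deny"

# Constructed configuration in the shape triplehex describes. "httpd" is an
# assumed daemon name; it must equal the process name tcpd sees.
cat > "$ALLOW" <<'EOF'
# allows every client to reach the wrapped httpd
httpd: ALL
EOF
cat > "$DENY" <<'EOF'
# refuses every other wrapped service to every client
ALL: ALL
EOF

# wrap_match <daemon> <client> <file>: succeeds when some rule in the file
# matches. Comments are stripped, fields are "daemon_list : client_list",
# and only the keyword ALL and exact names are understood here.
wrap_match() {
    daemon=$1; client=$2; file=$3
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$file" |
    while IFS=: read -r dlist clist _; do
        for d in $(echo "$dlist" | tr ',' ' '); do
            [ "$d" = ALL ] || [ "$d" = "$daemon" ] || continue
            for c in $(echo "$clist" | tr ',' ' '); do
                if [ "$c" = ALL ] || [ "$c" = "$client" ]; then
                    echo matched
                    exit 0          # leaves the pipeline subshell only
                fi
            done
        done
    done | grep -q matched
}

# wrap_check <daemon> <client>: tcpd's decision order. The allow file wins
# if it matches, the deny file is consulted next, and an unmatched request
# is granted, which is why the deny file needs the ALL: ALL line.
wrap_check() {
    if wrap_match "$1" "$2" "$ALLOW"; then
        echo allow
    elif wrap_match "$1" "$2" "$DENY"; then
        echo deny
    else
        echo allow
    fi
}

wrap_check httpd 192.0.2.10        # allow: hosts.allow matched first
wrap_check in.telnetd 192.0.2.10   # deny: only the ALL: ALL line matched
```

Because the default when nothing matches is "allow", a hosts.allow entry with a typo in the daemon name does not open a hole; it silently leaves that service covered by the ALL: ALL deny, which is the safer failure. The test is the reverse: a typo in hosts.deny leaves everything open, so the deny file deserves the closer look.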

zolar
03-11-2001, 02:15 AM
This is interesting. I know this is an obvious question, but have you checked your log files? /var/log ? Also, wouldn't an ls -l on the file reveal who the file belongs to (or installed it) and the user ID? Your log files should tell you about any connections you have had. In other words, if the file belongs to root, well then, you know he has rooted the box. Let us know what you find out. Very interesting. :rolleyes:
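The two checks in this post, reading the logs for the connections that preceded the file and reading the file's ownership and timestamps, are shown below as an added example that is not part of the thread. It runs against a constructed log in syslog format and a constructed file in a temporary directory; on the real box the log would be /var/log/messages or /var/log/secure and the file the unknown program. The addresses are documentation ranges, not real hosts.

```shell
#!/bin/sh
# Added example (not from the thread): the log and file checks zolar
# suggests, run against constructed data so it works offline.

WORK=${WORK:-$(mktemp -d)}
LOG="$WORK/secure"
FILE="$WORK/welcome"

# Constructed log lines in syslog format (addresses from documentation ranges).
cat > "$LOG" <<'EOF'
Mar  5 23:41:02 box sshd[812]: Failed password for root from 198.51.100.7 port 4022 ssh2
Mar  5 23:41:09 box sshd[812]: Failed password for root from 198.51.100.7 port 4023 ssh2
Mar  5 23:41:15 box sshd[815]: Accepted password for root from 198.51.100.7 port 4024 ssh2
Mar  6 01:12:44 box sshd[901]: Accepted password for scott from 192.0.2.20 port 51000 ssh2
Mar  6 01:13:01 box in.telnetd[903]: connect from 198.51.100.7
EOF
printf 'welcome hackers and the hacked alike\n' > "$FILE"

# accepted_root_sources <log>: one line per remote address that logged in
# as root, prefixed by how many times it did so. The address is the word
# three from the end of an sshd "Accepted ... from ADDR port N ssh2" line.
accepted_root_sources() {
    awk '/Accepted .* for root from/ { n[$(NF-3)]++ }
         END { for (a in n) print n[a], a }' "$1" | sort -rn
}

# connections_from <log> <addr>: every event the log holds for one address,
# so the successful login can be read next to the failures before it.
connections_from() {
    grep -F -- "$2" "$1"
}

# file_identity <path>: numeric owner and group (ls -n), the modification
# time, and the inode change time (ls -c). An intruder can reset mtime with
# touch, but ctime only moves when the inode is written, so a file whose
# ctime is much newer than its mtime has been backdated.
file_identity() {
    ls -ln "$1" | awk '{ print "uid=" $3 " gid=" $4 }'
    echo "mtime: $(ls -l "$1"  | awk '{ print $6, $7, $8 }')"
    echo "ctime: $(ls -lc "$1" | awk '{ print $6, $7, $8 }')"
}

accepted_root_sources "$LOG"              # 1 198.51.100.7
connections_from "$LOG" 198.51.100.7      # two failures, one success, a telnet
file_identity "$FILE"
```

A root-owned file proves little on its own, since a root login is exactly what a successful intruder has, which is why the address behind the "Accepted" line matters more than the uid. If the log is empty or ends abruptly before the file's ctime, that gap is itself the finding triplehex warned about.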

zolar
03-11-2001, 02:17 AM
Now when you say root directory, are you talking about / or /root? Also, if you need to disable services, inetd.conf is a good place to start. Just comment out the services you no longer wish to run with your favorite editor. :D
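Commenting out inetd services by hand works, but it is easy to miss one. The script below is an added example, not from the thread: it comments out every active line in an inetd.conf except a keep list, leaves existing comments alone, and writes a backup first, so the result can be checked before inetd is told to reread it. It runs on a constructed copy in a temporary directory; the real file is /etc/inetd.conf. Note that httpd normally runs standalone rather than from inetd, so in the poster's case the keep list would likely be empty.

```shell
#!/bin/sh
# Added example (not from the thread): disabling inetd services by script
# rather than by editor, on a constructed inetd.conf in a sandbox.

WORK=${WORK:-$(mktemp -d)}
CONF="$WORK/inetd.conf"

# Constructed inetd.conf in the classic format:
# service socket proto flags user server args
cat > "$CONF" <<'EOF'
# inetd.conf: see inetd(8)
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
shell   stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
#pop-3  stream  tcp  nowait  root    /usr/sbin/tcpd  ipop3d
EOF

# disable_inetd_except <conf> [service ...]: comment out every active
# service line whose first field is not in the keep list. Comment and
# blank lines pass through untouched; a backup is written beside the file.
disable_inetd_except() {
    conf=$1; shift
    keep=" $* "                      # padded so " ftp " cannot match "sftp"
    cp "$conf" "$conf.bak"
    awk -v keep="$keep" '
        /^[ \t]*#/ || /^[ \t]*$/  { print; next }   # comments and blanks
        index(keep, " " $1 " ")   { print; next }   # service to keep
                                  { print "#" $0 }  # everything else
    ' "$conf.bak" > "$conf"
}

# active_services <conf>: the services still enabled after editing.
active_services() {
    awk '!(/^[ \t]*#/ || /^[ \t]*$/) { print $1 }' "$1"
}

disable_inetd_except "$CONF" ftp     # keep only ftp for the demonstration
active_services "$CONF"              # prints: ftp
```

After editing the real file, send inetd a HUP signal (kill -HUP on its pid) so it rereads the configuration, then list what is still listening with netstat -tln; anything left there that is not httpd on 80 or 443 is a standalone daemon started from the init scripts rather than from inetd, and has to be stopped there.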