Hacked?

Forum for getting help with Project Gamera, Spamassassin, Clamav, qmail-scanner and other anti-spam tools.
linuxland
Forum User
Posts: 9
Joined: Sun Feb 11, 2007 5:57 pm

Unread post by linuxland »

I had some entries in my /var/qmail/control/rcpthosts file that I did not put there.

I deleted them but they were something like a3.12.3e.theplanet.com

Has anyone seen this? Was I hacked?

I was also getting a bunch of spam messages stating "I busted you".

evin
Galactic Zero
Forum Regular
Posts: 471
Joined: Mon Dec 06, 2004 10:43 pm

Unread post by Galactic Zero »

Run rkhunter -c to see if your system has picked up a root kit, then look at the mail log again and post more info.
Franklyn Halamka
Still learning my way around Linux Security.
http://www.galacticzero.net
linuxland
Forum User
Posts: 9
Joined: Sun Feb 11, 2007 5:57 pm

Unread post by linuxland »

Here are the warnings that rkhunter gave:
[root@chicago log]# rkhunter -c --createlogfile --report-warnings-only
Line:
Warning: This operating system is not fully supported!
Line: Warning: This operating system is not fully supported!
Warning: Cannot find md5_not_known

Line: Warning: Cannot find md5_not_known
Watch out Root login possible. Possible risk!
Line: Watch out Root login possible. Possible risk!
[ Warning (SSH v1 allowed) ]
-----------------------------------------------------------------

Found warnings:
[00:42:11] Warning: This operating system is not fully supported!
[00:43:45] Warning: root login possible. Change for your safety the 'PermitRootLogin'
[00:43:45] Warning: SSH version 1 possible allowed!

-----------------------------------------------------------------

If you're unsure about the results above, please contact the author of
Rootkit Hunter. Fill in contact form: http://www.rootkit.nl/contact/
Some errors has been found while checking. Please perform a manual check on this machine chicago.*****.net
Galactic Zero
Forum Regular
Posts: 471
Joined: Mon Dec 06, 2004 10:43 pm

Unread post by Galactic Zero »

You're going to have to disable telnet to your box and disable root login directly. The only way you should get to your box is via SSH, logging in as admin then su - to root.

Search here or on any of the hosting companies' web sites for securing your flavor of Linux.
Franklyn Halamka
Still learning my way around Linux Security.
http://www.galacticzero.net
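
The two sshd settings that rkhunter warned about above (root login and SSH v1) can be checked directly in the server config. This is an added example, not part of the original thread: the function names and the sample config are constructed, and it assumes whitespace-separated `keyword value` lines as in a stock sshd_config.

```shell
#!/bin/sh
# Added example: check an sshd_config for the two settings rkhunter flagged.

# Print the first global value of keyword $2 in file $1, lower-cased.
# sshd keeps the first value it reads for a keyword and matches keywords
# case-insensitively; settings after a "Match" line are conditional, so stop there.
first_value() {
    awk -v key="$2" '
        /^[ \t]*#/                  { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Print one WARN line per finding; the exit status is the number of findings.
audit_sshd_config() {
    findings=0
    root=$(first_value "$1" PermitRootLogin)
    proto=$(first_value "$1" Protocol)
    case "$root" in
        no) ;;
        "") echo "WARN PermitRootLogin is not set; set it to 'no' explicitly"
            findings=$((findings + 1)) ;;
        *)  echo "WARN PermitRootLogin is '$root'; set it to 'no'"
            findings=$((findings + 1)) ;;
    esac
    case ",$proto," in
        ,2,) ;;
        ,,)  echo "WARN Protocol is not set; older OpenSSH releases then accept SSH v1 too"
             findings=$((findings + 1)) ;;
        *)   echo "WARN Protocol is '$proto'; set 'Protocol 2' to refuse SSH v1"
             findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# Constructed sample (not a real server's file): a commented-out line, mixed
# case, and a later PermitRootLogin that sshd would ignore.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
#PermitRootLogin no
Protocol 2,1
permitrootlogin yes
PermitRootLogin no
EOF
rc=0
audit_sshd_config "$sample" || rc=$?
echo "findings: $rc"
```

On a real host, point `audit_sshd_config` at `/etc/ssh/sshd_config` and restart sshd after changing the file.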
scott
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Unread post by scott »

What distro are you running? rkhunter wasn't really able to look at anything on your system.