Hi

I have hosting with vps server with plesk fedora 8. This evening all domains on my server went down and i did contact with the support. they say i got smpt dos attack and they null routed. after that i login to my server with ssh and i found this log

login as: root
root@ip's password:
Last login: Wed Jul 15 09:42:32 2009 from 203.193.165.78
[root@vpsbox ~]#

and it is definitely not my ip and i did some research on that ip. I found out some bad news about this ip and originated from india. How can i know what they did to my box ?? they did get my root password ?? thank in advance .

If I get from this that you logged in over the network as root then you made a mistake.

What you can find on your machine depends on a few things like if you have off-site backups, what your distro+version is, what services were running, what you installed in terms of intrusion detection / integrity checking, what root was allowed to do between compromising the host and you restricting access to it. What you can do now is listed in the post here: http://www.linuxquestions.org/questi...96#post3608496. But please reply in this thread, not there.