Today I realised that someone unothorized got on my server and in means of "F****ing" with my job/head changed root passwd, and dissabele/changed all of my user account settings. I realy need help, couse this is a server of a Primary school institution, and I dnot want anyything to go bad mor than its already is!
I heve Fedora2 on machine, And I suspect that the attacker came through SSH,
I shoud close down the sshd in my fw, but realy would like to know who the attacer is, and where is the attack been made from, so I cen get "Phisycal" on him
, need some advice how to be successfull detective in this case??
thanx
sax