Morning all,
Little back ground. Running CentOS 5.3 fully update. I basically run this as router and gateway for home network. I have two(2) winblows machines hooked up. I am running samba for shares. I opened up root's mail this morning and found this strange little comment :
Connections Denied: lib/access.c:check_access(327) 58.239.84.158 : 1 Time(s) smbd/process.c:process_smb(1062) 58.239.84.158 : 1 Time(s)
So I started looking around in /var/log. I looked at my secure logs and saw nothing out of the ordinary. I looked in samba and found a log file 58.239.84.158.log. I opened it up and it said the following:
[2009/08/15 06:31:34, 0] lib/access.c:check_access(327) Denied connection from (58.239.84.158) [2009/08/15 06:31:34, 1] smbd/process.c:process_smb(1062) Connection denied from 58.239.84.158
There is nothing on this server that I can not replace. Did I just get hacked? Should I wipe this thing and start over? Any and all advice is greatly appreciated!!!
Thanks.
Lee Perez