So I started looking around in /var/log. I looked at my secure logs and saw nothing out of the ordinary. I looked in samba and found a log file 58.239.84.158.log. I opened it up and it said the following:
[2009/08/15 06:31:34, 0] lib/access.c:check_access(327) Denied connection from (58.239.84.158) [2009/08/15 06:31:34, 1] smbd/process.c:process_smb(1062) Connection denied from 58.239.84.15
I don't think you got hacked. You might want to check your firewall settings though. It *looks* like your firewall is letting netbios connections from off your LAN -- you should not be allowing this!
He can do better. Why is samba bound to an Internet facing interface at all? Unless you have a need to allow smb/cifs connections over the Internet, samba should never ever be allowed to bind to an interface with an Internet ip.
It does look like someone from 58.239.84.158 (SK Broadband Co Ltd in Seoul) tried to check out your samba shares, but was denied access.
Yea for tcp wrappers...