[CentOS] I've been hacked -- what should I do next?

Mon Dec 4 19:24:36 UTC 2006
Alfred von Campe <alfred at 110.net>

On Dec 1, 2006, at 15:43, Aleksandar Milivojevic wrote:

> You can use a whois database to find the info (for example, there's  
> web interface on www.ripe.net).  Info for 61.43.153.30 indicates  
> that this IP address is alocated to an provider in South Korea.

So I sent mail to the address (abuse at bora.net) listed in the whois  
record for that ISP, and it bounced!

   Hi. This is the qmail-send program at users.bora.net.
   I'm afraid I wasn't able to deliver your message to the following  
addresses.
   This is a permanent error; I've given up. Sorry it didn't work out.

   <badmail at bora.net|/webmail/mbox0/bora.net/513/badmail|2|512000| 
530259968|99999999|99999999|>:
   Recipient's maiilbox is full, message returned to sender, (#5.2.2) 
[7mallot:(524288000), usage:(530309120)

Maybe I'll try again after a few days to see if they cleaned up their  
mailbox.  Doesn't give me a warm and fuzzy feeling about that ISP,  
though.

Alfred