[CentOS] I've been hacked -- what should I do next?

Fri Dec 1 20:43:36 UTC 2006
Aleksandar Milivojevic <alex at milivojevic.org>

Quoting Alfred von Campe <alfred at 110.net>:

> FWIW, the IP addresses are (acb23fa7.ipt.aol.com) and
>  There is no reverse entry for the latter, so I don't
> know who to contact.  I'll fire off an email to AOL (not that I think
> anything will happen).

You can use a whois database to find the info (for example, there's  
web interface on www.ripe.net).  Info for indicates that  
this IP address is alocated to an provider in South Korea.  Contact  
addresses included:

inetnum: -
netname:         BORANET-1
descr:           DACOM Corp.
descr:           Facility-based Telecommunication Service Provider
descr:           providing Internet leased-ine, on-line service, BLL etc.
country:         KR
admin-c:         DB50-AP
tech-c:          DB50-AP
status:          ALLOCATED PORTABLE "status:" definitions
mnt-by:          APNIC-HM
mnt-lower:       MNT-KRNIC-AP
changed:         hostmaster at apnic.net 20000918
source:          APNIC

role:            DACOM BORANET
address:         DACOM Bldg., 706-1, Yoeksam-dong, Kangnam-ku, Seoul
country:         KR
phone:           +82-2-2089-7755
fax-no:          +82-2-2089-0706
e-mail:          ipadm at nic.bora.net
e-mail:          abuse at bora.net
e-mail:          security at bora.net
admin-c:         EC115-AP
tech-c:          SIJ1-AP
nic-hdl:         DB50-AP
remarks:         IP address administrator group of NIC team, DACOM Corp.
remarks:         If related with spam, send mail to abuse at bora.net
remarks:         If related with security, send mail to security at bora.net
remarks:         Only for whois information correction, send mail to  
ipadm at nic.bora.net
mnt-by:          MNT-KRNIC-AP
changed:         jeonsi at bora.net 20041105
source:          APNIC