[CentOS] Help: Server security compromised?

Wed Aug 6 06:04:08 UTC 2008
Bent Terp <bent at terp.se>

On Wed, Aug 6, 2008 at 7:48 AM, Noob Centos Admin
<centos.admin at gmail.com> wrote:
> /sbin/iptables -A RH-Firewall-1-INPUT -s 219.64.114.52 -j DROP

I'd recommend you add the extra rules by editing
/etc/sysconfig/iptables instead. At least that way you can be sure
they'll survive restarts of iptables.

Next check that the output from
'/sbin/chkconfig iptables --list'

looks like this:
'iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off'

otherwise, do '/sbin/chkconfig iptables on' so you're sure the service
starts as intended.

> If not, what should I do next to find and eliminate this problem? Thanks in
> advance for any advice!

Check the crontabs and follow up on the entries. Don't forget to also
look in /var/spool/cron/
Are there any strange processes running? What do the logfiles say?

Wait an hour or so, and you'll see more (competent) advice coming in.

BR Bent
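
The two checks from the reply above (is the DROP rule saved in the ruleset file, and is the service enabled in runlevels 2-5), as an added example that is not part of the original post. The function names, the sample ruleset and the address 192.0.2.10 are constructed for illustration; on a real host you would pass /etc/sysconfig/iptables and the output of '/sbin/chkconfig iptables --list'.

```shell
#!/bin/sh
# Added example; the ruleset and chkconfig line below are constructed samples.

# 0 if FILE holds "-A RH-Firewall-1-INPUT -s IP ... -j DROP" inside a
# *table ... COMMIT block (lines outside such a block are not counted).
rule_persisted() {
    awk -v ip="$2" -v chain="RH-Firewall-1-INPUT" '
        /^\*/          { intable = 1; next }
        $1 == "COMMIT" { intable = 0; next }
        intable && $1 == "-A" && $2 == chain {
            src = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            sub(/\/32$/, "", src)
            if (src == ip && tgt == "DROP") found = 1
        }
        END { exit !found }
    ' "$1"
}

# 0 if a "chkconfig --list" line shows the service on in runlevels 2-5.
runlevels_ok() {
    printf '%s\n' "$1" | awk '
        { for (i = 2; i <= NF; i++) { split($i, kv, ":"); state[kv[1]] = kv[2] } }
        END { for (l = 2; l <= 5; l++) if (state[l] != "on") exit 1 }
    '
}

SAMPLE=$(mktemp)   # stands in for /etc/sysconfig/iptables
cat > "$SAMPLE" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -s 219.64.114.52 -j DROP
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
-A RH-Firewall-1-INPUT -s 192.0.2.10 -j DROP
EOF
LISTING='iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off'

for ip in 219.64.114.52 192.0.2.10; do
    if rule_persisted "$SAMPLE" "$ip"; then echo "$ip: persisted"
    else echo "$ip: NOT persisted"; fi
done
if runlevels_ok "$LISTING"; then echo "iptables starts in runlevels 2-5"; fi
```

The second address is reported as not persisted because its line was placed after COMMIT, outside the filter table block.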