On Mon, 14 Jan 2008 02:59:38 +0000 Karanbir Singh <kbsingh at centos.org> wrote: > Mark Weaver wrote: > > yeah... and the one that was possibly part of the problem is now > > gone. I never restored it from backup after the second breach. The > > perps were trying after the second reload, but since that web site > > wasn't restored and running on the web server they weren't able to > > get in. > > now would also be a good time to plumb in remotelogging :D > > I recommend rsyslog! > Indeed! hadn't thought of that before, but the packages have just finished downloading. :)