>> So I started looking around in /var/log. I looked at my secure logs and >> saw nothing out of the ordinary. I looked in samba and found a log file >> 58.239.84.158.log. I opened it up and it said the following: >> >> [2009/08/15 06:31:34, 0] lib/access.c:check_access(327) >> Denied connection from (58.239.84.158) >> [2009/08/15 06:31:34, 1] smbd/process.c:process_smb(1062) >> Connection denied from 58.239.84.15 > I don't think you got hacked. You might want to check your firewall > settings though. It *looks* like your firewall is letting netbios > connections from off your LAN -- you should not be allowing this! > He can do better. Why is samba bound to an Internet facing interface at all? Unless you have a need to allow smb/cifs connections over the Internet, samba should never ever be allowed to bind to an interface with an Internet ip. > It does look like someone from 58.239.84.158 (SK Broadband Co Ltd in > Seoul) tried to check out your samba shares, but was denied access. > > Yea for tcp wrappers...