was i hacked
Uday
pluglist at plug.org
Sun May 4 22:11:41 MDT 2003
Thanx for all the help & experiences from you guys. It gave me a big boost,
as the whole incident was getting on my nerves.
I am planning to wipe off the stuff, obviously after taking a backup, and
reload with RH9.0, the latest; I suppose it must have all the patches, as
Robert suggested.
And as Ryan stated:
> I had the same thing happen, only they had left the bash history file, so I
> could see what they did. They had run a root kit program. I did some
> research and the only thing that I could really do was take my server off
> line, save home and local directories and re-install.
In this case also he/they left the bash history file behind, but I could
not really be a Sherlock Holmes : ) Anyway, the following were the commands which I
think were alien:
netstat -an | grep 139
w
rm -rf /var/adm/lastlog /root/.bash* /.bash* /root/.bash_history /.bash_history /tmp/* /tmp/.bash_* /var/log/* /etc/log /tmp/log/* /var/log/* /tmp/var/log/* /usr/log/* /usr/adm/log/*
w
exit
Anyone who can derive some conclusion out of this, or suggest any further
security needed, is welcome.
Thanx
-Uday
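
A defender-side check over the history lines quoted in the message above, as an added example that is not part of the original post: it flags deletion commands whose targets are log, login-record or shell-history paths. The pattern list, the function names and the sample (the quoted commands with the wrapped rm rejoined) are assumptions made for this illustration.

```python
import shlex
from fnmatch import fnmatchcase

# Assumed watch list of log, login-record and shell-history locations,
# modelled on the targets in the post; extend it for your own systems.
SENSITIVE = ["/var/log*", "/var/adm*", "/usr/adm*", "/etc/log*", "*/.bash*", "*/log/*"]
DELETERS = {"rm", "shred", "unlink"}

# Constructed sample: the history lines quoted in the post.
HISTORY = """\
netstat -an | grep 139
w
rm -rf /var/adm/lastlog /root/.bash* /.bash* /root/.bash_history /.bash_history /tmp/* /tmp/.bash_* /var/log/* /etc/log /tmp/log/* /var/log/* /tmp/var/log/* /usr/log/* /usr/adm/log/*
w
exit
"""

def split_commands(line):
    """Split one history line into simple commands on |, ;, && and ||."""
    lexer = shlex.shlex(line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    try:
        tokens = list(lexer)
    except ValueError:          # unbalanced quotes: fall back to a plain split
        tokens = line.split()
    commands, current = [], []
    for tok in tokens:
        if tok in ("|", ";", "&", "&&", "||"):
            if current:
                commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands

def flag_cleanup(history_text):
    """Return (line_number, targets) for each deletion hitting a watched path."""
    findings = []
    for number, line in enumerate(history_text.splitlines(), 1):
        for cmd in split_commands(line):
            if cmd[0].rsplit("/", 1)[-1] not in DELETERS:
                continue
            hits = [arg for arg in cmd[1:] if not arg.startswith("-")
                    and any(fnmatchcase(arg, pat) for pat in SENSITIVE)]
            if hits:
                findings.append((number, hits))
    return findings
```

Calling flag_cleanup(HISTORY) reports the rm line only; its /tmp/* argument is not on the watch list, so it is left out of the reported targets.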