Help! Server seems to be hacked.
Hi, we received a mail regarding a hacking attempt from our server. We do not provide SSH or telnet on our server, but it seems someone is able to hack our servers and attempt to hack other computers on the net. Can anyone tell me anything I can do to stop this? I checked all "places" in the server but found nothing. Since I am not a security expert, I need some assistance. Does anyone have any suggestions?
Here is the mail I received from a person.
----------------------
As indicated below, a seemingly invalid access attempt to my computer
(xxx.xxx.xxx.xxx) was initiated from an IP address (xxx.xxx.xxx.xxx) on your network recently (or at least from the network on which you are identified as the network administrator).
The attempt was detected by the personal firewall running on my machine,
and I am quite concerned about it.
If you are in fact responsible for this network, please do the following:
1) Research the access attempt(s),
2) Inform the responsible parties to discontinue access attempts,
3) Reply to me with your findings.
If you are not responsible for this network, please forward this message
to the person who is, or, if you do not know who this person is, please
get back to me with that information as well. Thank you.
The access attempt(s) are shown below, including the date and time, port
number, TCP or UDP indicator, and, if known, a service name associated
with the port.
Sam, 20 avr 2002 20:07:18, Port 22, TCP, Secure Shell/pcAnywhere
The times shown above are expressed in my local time zone, which is
Greenwich Mean Time +2 hours.

