Hello Guru's, On the weekend our web server (SuSE 7.2 kernel 2.4.4-4GB) was hacked by some very clever guys. They placed some programs which i can not remove anymore and which is even worse - the root's password also was changed (I can not start in single user mode - init 1 - password is wrong). A "sysadmin" user was created by the hacker and mtab also was changed. When i try to login and type the username than Enter -> the "pasword" question is not coming but the screen is hanging. It means we can not log in anymore. Which is interesting, this is our mail server also and we can send/receive mails but via samba is not possible to connect to the shared drives. I'm afraid i have to reinstall the machine, but before i do it want to know what and how happened. If someone of you experienced with this and could give good advices about what to do and how i can analyse who logged it would be appreciated. TIA, istvan Istvan HOLLO GlobalTech Hungary Informatikai Kft. phone : +36 28 590 500 fax : +36 28 590 501 email : istvan.hollo@ija.hu www : www.thegt.com www.ija.hu