** This message was sent from the EUGLUG message board. Since ** ** the person who submitted this question may not be on the ** ** mailing list, please reply directly or on the message board: ** ** http://www.euglug.org/board.phtml?id=64 ** Well I should have listened to Joe Hartman and installed secure shell. I was busted and someone got into my Cobalt RaQ4 server. They posted a Kill the "[we won't say]" page as the home page for each 6 of my virtual sites. They also changed the root password. What a pain. So I was wondering what is the best secure shell to use; and how can I set up the server to only accept telnet traffic from certian IPs? When I discovered the event I had no choice but to http in through the Cobalt admin page. (Interestingly this seems to be in the clear too.) I was able to get into the admin panel with the first password challange, then I went immediatly to change the password and it wouldn't work. As if it was changed just as I was about to change it myself. Yes I'm new to Linux and appreciate any help. Also what file would I look at to see the telnet traffic maybe the guy didn't cover his tracks and I could look for patterns in the ip addresses. Thanks, John
