> On 10/01/2014, at 06:36, agrquinonez <[email protected]> wrote: > > Short story, long! > > I have had 1 OBSD box, with e-mail server (sendmail), 1 web page > (apache), and anonymous ftp server for almost 14 years; upgrading by > clean installations every 6 months, and without problems. I have 2 80GB > hard drives (1 system, 1 /ftp/pub). > > This time, i installed DokuWiki, and Mailman over 5.3; failing with > Mailman. I added 2 vhost to the web server. And at this time everything > was going well. Before, the last upgrade; i decide to test the upgrade > 5.3-5.4 using the recommended method (install54.iso), and failed. It > really, did not like me. After that, I did a clean installation of 5.4, > and installed the full system, plus DokuWiki and dependencies; it > happened on Jan 7 2014, > > Surprise, on Jan 9 2014; i found 1 soft link to the web server from > /root; i began to review deeper, and found the file > /var/www/logs/etag-state in chinese; 2 references to hinet (chinese) > intenting to send spam (relay). Magically, appeared weird syntoms; and > then 11:28 pm; i decided to do a new exact clean installation to > discover what could happen. > > Ideas are going to be really appreciated, because i am not a technical guy. > > Thanks. > > agrquinonez > > [demime 1.01d removed an attachment of type application/pgp-signature which > had a name of signature.asc]
Where did you get the .iso from? Did you check its checksums? How did you install DocuWiki? Where did you get it from? How secure are your passwords (i.e. different between users, web, FTP, MySQL, etc)? Do you allow root logins over ssh? Etc Etc Etc There are many many questions you leave unanswered...
