some body hacked my system

solt@xxxxxxxxxxxxxxxxx (Maciej Soltysiak) · Tue, 8 Oct 2002 22:01:59 +0200 (CEST)

> wc3.part01.rar.gz  wc3.part07.rar.gz  wc3.part13.rar.gz  wc3.part19.rar.gz
> wc3.part02.rar.gz  wc3.part08.rar.gz  wc3.part14.rar.gz  wc3.part20.rar.gz
> wc3.part03.rar.gz  wc3.part09.rar.gz  wc3.part15.rar.gz  wc3.part21.rar.gz
> wc3.part04.rar.gz  wc3.part10.rar.gz  wc3.part16.rar.gz
> wc3.part05.rar.gz  wc3.part11.rar.gz  wc3.part17.rar.gz
> wc3.part06.rar.gz  wc3.part12.rar.gz  wc3.part18.rar.gz
>
> Is anybody knows what this file used for?
Of course. The famous, War Craft III.

> How will i block this IP Address in my firewall?
iptables -A INPUT -s <ip> -j DROP

> How will i check what else he did on my machine?
Well, maybe i did not get it right, be it looks as if someone is making
a Warez site out of your machine. The easiest way evil people exploit it
is that they use world writeable anonymous ftp servers. Check it.

If it is an intrusion, go and browse the logs, look in .bash.history,
suspicious users, processes, mc's history, again: logs. look for deleted
parts in the logs.

And download, compile and run: chkrootkit. Which looks for rootkits and
trojans in you binaries.

Good luck,
Maciej Soltysiak