On 01/10/14 01:36, agrquinonez wrote:
... [compromised box] ...
> Ideas are going to be really appreciated, because I am not a technical guy.

OK, this is the unpopular answer, but here it is anyway:

Stop. You should not be running your own web and mail server.

Years ago, I used to say that I could make a good case that anyone running a mail server or DNS server should require a license, for much the same reason as one should have a driver's license to drive on public roads: to indicate you have some minimum level of skill so you don't hurt others on the road. (NOT that I would in any way welcome more government involvement in the Internet).

(I've run mail servers for around 35,000 users and maybe a hundred domains, and DNS for hundreds of domains...I'd consider myself BARELY sufficiently skilled to pass my hypothetical license requirement. I'm also probably better than 80+% of the people running DNS and e-mail systems in the Corporate World. Be scared.)

I exempted running a webserver because I felt that your average website was "safe" to other people...kinda like painting your own car -- you may do a lousy job, but no one has to look at your car/site. Well, these days of web applications pretty much means I was wrong, and yes, they are just as able to harm others on the Internet as mail and DNS servers -- maybe even more so these days.

If you don't know how to track down what happened -- and more importantly, don't know how to KEEP it from happening in the first place -- you should not be running services on the Internet. Using OpenBSD does not render your system unbreakable, any more than putting a five-year-old behind the wheel of a "safe" car makes them or the world "safe".

As for what happened in your case, with a total lack of facts from you, I'm going to say you left a guessable password on an account. Someone then threw a list of a few thousand username and password combinations at it, succeeded, and moved in, probably within 24 hours of your setup.

If you think your password was really clever, that was almost CERTAINLY your problem. I've seen these lists, they are funny -- you can just imagine people patting themselves on the back over how clever their password is...and there it is on the list to be tried on thousands of boxes an hour.

The key thing to know is that Internet attacks are not an "oh, I was unlucky here" thing -- if you expose a service, you are under CONSTANT attack. If you have any kind of vulnerability, it WILL be exploited, and rather soon.

Nick.