Have I been Hacked?

[dayo]

I have zen cart installed on my site which has not been used for a long time. I recently tried to reactivate it and noticed that a file was missing and that some constants on an obscure page had not been initialised.

I logged into ssh in terminal on my Mac to fiddle with the files and found to my shock that the last person to have logged in as root was someone from Pakistan (mbl-65-158-146.dsl.net.pk) back on 24 May 2008.

Everything else seems to be working fine but I am concerned.

I seem to recollect that it is possible to setup the VPS to send an email whenever anyone SSHs in.

I have the BFD rules up but i guess that only kicks in for unsuccessful attempts.

Any tips appreciated

[Frank Broughton]

I logged into ssh in terminal on my Mac to fiddle with the files and found to my shock that the last person to have logged in as root was someone from Pakistan (mbl-65-158-146.dsl.net.pk) back on 24 May 2008.

There is some support here at JPC that is in that country.

[dayo]

That makes sense as any hacker getting in as root would have done loads of damage

[thecoalman]

That makes sense as any hacker getting in as root would have done loads of damage

I don't know if that is necessarily true, many of them try to cloak their activities and use the compromised server for their own needs unbeknown to the owner.