Newbie help: foolishly, I got hacked
I've been fooling around with Linux boxes for quite a while, but here I got my first introduction to the scary world that exists outside of my safe pre-programmed router. Here is my problem:
I was converting my Ubuntu server to Gentoo to set up a NAT gateway between the router and the wired network. I was going to add a firewall / proxy and a few other things and start to move services off the underpowered router.
Mistake 1: using an overly simple password while setting up the system. I ssh a lot and have to keep restarting, so I generally just use keyboard rolls when I'm setting up. I won't do it again.
So I set up two NICs, iptables, dhcp and samba. Got the internal computers connecting to the net.
Mistake 2: Putting the router in "demilitarized zone" on the router. Basically this means all non-NAT-port-forwarded ports go to the box I just set up, with open SSH and a simple password.
Might have just been bad luck, but within ten minutes, on reconnecting via SSH, my previous login was from an AOL address somewhere in America (I'm in Australia).
So I restarted the router (dynamic IP from the ISP, so at least they won't know where I am). I checked the iptables rules; there are a few rampant accepts, in the hope that if I set up the firewall correctly I will gloss over it. It annoys me that some 12 yo from Kentucky has got into my system, but I'm not out for revenge or anything. My question, from a reasonable noobie, is: apart from beefing up the password, deleting the iptables rules, and hiding the server back behind a properly set up router, what can I do?
I have generic syslog-ng set up; is there any way to see what has been tinkered with? I've put only about 10 hours into setting up the server; should I just scrap it and start again?
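As a first pass at the "what has been tinkered with?" question, the sshd messages that syslog-ng collects already answer who logged in, from where, and after how many failed guesses. The script below is an added example, not part of the original post; it assumes sshd logs in the standard OpenSSH syslog format ("Accepted password for USER from ADDR port N ssh2"), and the log lines and addresses in it are constructed for the demonstration.

```python
import re
from collections import defaultdict

# Constructed sample of sshd lines as syslog-ng would store them in auth.log.
# 192.168.1.20 plays the LAN workstation; the two other addresses are the intruders.
SAMPLE_AUTH_LOG = """\
Mar  3 21:02:11 gw sshd[2311]: Accepted password for root from 192.168.1.20 port 50122 ssh2
Mar  3 21:05:40 gw sshd[2350]: Failed password for root from 203.0.113.77 port 41000 ssh2
Mar  3 21:05:43 gw sshd[2350]: Failed password for root from 203.0.113.77 port 41000 ssh2
Mar  3 21:05:47 gw sshd[2350]: Accepted password for root from 203.0.113.77 port 41000 ssh2
Mar  3 21:06:02 gw sshd[2355]: Accepted publickey for admin from 192.168.1.20 port 50130 ssh2
Mar  3 21:20:15 gw sshd[2380]: Accepted password for root from 198.51.100.9 port 3344 ssh2
"""

# Matches OpenSSH's "Accepted ..." / "Failed ..." authentication messages.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def parse_sshd_events(log_text):
    """Return one dict (ts, result, method, user, src) per matching sshd line."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append(m.groupdict())
    return events

def suspicious_logins(log_text, trusted_prefixes=("192.168.",)):
    """Successful logins from outside the trusted prefixes (a tuple of strings),
    each with the count of failed attempts from the same source before it succeeded."""
    fails = defaultdict(int)
    hits = []
    for ev in parse_sshd_events(log_text):
        if ev["result"] == "Failed":
            fails[ev["src"]] += 1
            continue
        if ev["src"].startswith(trusted_prefixes):
            continue
        hits.append({"ts": ev["ts"], "user": ev["user"], "src": ev["src"],
                     "method": ev["method"], "failed_before": fails[ev["src"]]})
    return hits

if __name__ == "__main__":
    for h in suspicious_logins(SAMPLE_AUTH_LOG):
        print(f"{h['ts']} {h['user']}@{h['src']} via {h['method']} "
              f"after {h['failed_before']} failed attempts")
```

On a live box, point `suspicious_logins` at the file syslog-ng writes auth messages to, and treat every hit as a starting point for checking what that session changed (shell history, new users or keys, cron entries, modified packages).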