Strange port 31337 Elite

[NeoSNightmarE]

That sucks that it happened to you. But that has to be the stupidest **** that I have ever heard to make the port 31337. I mean what else but some script kiddie would do that? It's comical but retarded.

As a word of advice, first thing that a cracker/script kiddie does if they know what they are doing is look for repeated usernames as passwords and then if that doesnt work, they do solid number combos. So the best thing to do would be to make a password with numbers, and letters that are both uppercase and lowercase. A classic example of the username would be the classic user/admin attempt. But I'm glad that you took this as a learning experience although I would be mighty pissed if it was me.

[jaboua]

As suggested, scan with john the ripper... It's works the same way the cracker would have done it. The best passwords are not based on dictionary words and include numbers, as they take most time to crack (thought if he's running a passwordcracker all month, he might find it, but I suppose you have enough time to detect him in that case...)

[Stefann]

Ok, found the reason for this mess. One of my users had his password as his user name, so the cracker had guessed the password and installed some nasty programs. I removed the programs and deleted the user.

I traced the evil person back into another server that he had infiltrated just like mine: guessed well. As nothing serious happened, I guess I'll just take my lesson and leave it here, the other admin may proceed with his investigation if he's interested to do that.

Don't forget to LART the user, they deserve it for giving a sysadmin hell.