-
One thing you can do for the future is to set up syslog to save log files to another machine. Do you have another machine you can use for logging? This will help keep the log files from being tampered with or deleted entirely. Also, you should probably set up an IDS (intrusion detection system); something like SNORT is very good. This can be used to detect any attack attempts that may occur.
-
If you want to undelete a file from an ext2 file system, check out this link:
Linux ext2fs undeletion
-
If your FTP server is not set up correctly, there are exploits to hack Linux through there. Also, I hope you aren't running ssh or telnet. Um, if you have an X11 server running, go to your Xservers script and make sure you have the command set -nolisten tcp. Check your Apache script and shut down anything on it you don't need. I assume you're running MySQL? If so, change the passwords. To make things easy, get the latest Webmin, set up for SSL and local use only.
Also, of course, use netstat -all to find out what's open, then use TCP wrappers (hosts.allow, hosts.deny) to block ports you don't need on the net, just for local. Hope that helps. As for firewalls, Shorewall is the best I have found to date.
-
Also check /etc/inetd.conf for any abnormal entry that uses /bin/sh as its program, etc. Possibly look for LKM rootkits as well.
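
The /etc/inetd.conf check suggested above can be scripted. This is an added example, not code from any post in this thread; the shell list, the function names and the sample file contents are assumptions constructed for illustration.

```python
import os

# Assumption: shells that an inetd service should never launch directly.
SHELLS = {"sh", "bash", "csh", "tcsh", "ksh", "zsh", "ash", "dash"}

# Constructed sample, not taken from a real host.
SAMPLE = """\
# constructed inetd.conf sample
ftp      stream tcp nowait root   /usr/sbin/tcpd in.ftpd -l -a
#telnet  stream tcp nowait root   /usr/sbin/tcpd in.telnetd
time     stream tcp nowait root   internal
example1 stream tcp nowait root   /bin/sh sh -i
example2 stream tcp nowait nobody /usr/sbin/tcpd /bin/bash
"""

def is_shell(token):
    """True if the path or argv[0] names a known shell (login-shell '-' stripped)."""
    return os.path.basename(token).lstrip("-") in SHELLS

def find_shell_entries(text):
    """Return (line_no, service, user, reason) for active entries that run a shell."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out services are not started by inetd
        # Fields: service, socket type, protocol, wait flag, user, program, args...
        fields = line.split()
        if len(fields) < 6:
            findings.append((line_no, fields[0], "?", "malformed entry"))
            continue
        service, user, program, args = fields[0], fields[4], fields[5], fields[6:]
        if program == "internal":
            continue  # built-in inetd service, no external program
        if is_shell(program):
            findings.append((line_no, service, user, "server program is a shell"))
        elif args and is_shell(args[0]):
            # With a wrapper such as tcpd, the first argument is the real program.
            findings.append((line_no, service, user, "wrapped program is a shell"))
    return findings

if __name__ == "__main__":
    for finding in find_shell_entries(SAMPLE):
        print("line %d: service=%s user=%s: %s" % finding)
```

On a real host, pass the contents of /etc/inetd.conf to find_shell_entries() instead of SAMPLE and review every reported line by hand.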