You're not going to believe this, but my box has STILL not been taken offline... My incident has "been sent to the provisioning department" and should be addressed this morning... Two days after I asked/told them to take it off the network!!! I've called them many times, and have been hung up on a few times... Their slogan for their hosting side should be "Dude, you're getting a trojan", or something to that effect... I'm not naming names though...

droby10:
I sent them snips of my logs and snips of your comments regarding their network being at risk, and was sent a reply:

"Please be advised that if you want us to do any sort of extra security work on your system, there will be a $175/hr charge."

I haven't spoken to anyone there who would be worth $1.75 an hour, and they do not seem concerned that their network is at risk...

detoxsmurf:
An Nmap currently shows the following... I think they're gonna run out of ports soon...

1/tcp open tcpmux
11/tcp open systat
15/tcp open netstat
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
79/tcp open finger
80/tcp open http
81/tcp open hosts2-ns
110/tcp open pop-3
119/tcp open nntp
143/tcp open imap2
443/tcp open https
540/tcp open uucp
587/tcp open submission
635/tcp open unknown
1080/tcp open socks
1524/tcp open ingreslock
2000/tcp open callbook
3306/tcp open mysql
6006/tcp open X11:6
12345/tcp open NetBus
12346/tcp open NetBus
31337/tcp open Elite
32771/tcp open sometimes-rpc5
32772/tcp open sometimes-rpc7
32773/tcp open sometimes-rpc9
32774/tcp open sometimes-rpc11
54320/tcp open bo2k

Could there be any more reason to take it down???

THEJRC:
By disabling FTP and only using SFTP over 22, the passwords should never be in clear text, right??? I'm not sure how to set up FTP without sending clear-text passwords, but from your post it sounds like that may be difficult... Please let me know if I'm wrong... If any PWs are sent in clear text, like through FTP or Telnet, they could be sniffed out from a compromised box in my network segment??? Not sure, but that's what I gathered from droby10's post...

Thanks again for all your help...

James...