I feel like I just came home and found my home gone through. When I started up a new X session with gdm this evening, I find a new user's face in the login screen! Let me say that I am the only user on my home workstation, which sits behind an e-smith gateway box.
Upon perusal of some of my logs, I see signs that someone has logged in remotely to X, and has apparently been playing some games on my machine, and has poked around a number of directories. Since I have never used any of the games that get installed with Mandrake Linux 8.2, it's clear that it wasn't me.
I am gravely concerned and would like to know how to prevent this from re-occurring. I'm tempted to just wipe e-smith off the gateway and install some other product, but this may erase any evidence that could be useful in debugging this hole.
How can my e-smith firewall allow this to happen?
Any ideas? Am I even reporting this in the right place?
PS. I see two potential holes:
1. I was allowing remote ssh access in the e-smith manager, with normal passwords (now turned off).
2. in the gdm expert settings configuration, I had allowed remote logins (as I was going to try a remote connection from my office with VNC). I've turned that off as well.