Cheers, Dave, thanks for the reply.
You are correct in observing that I am getting ready to upgrade to SME 7. But I haven't actually done this yet. My main server (the one I think has been hacked) is still running SME 6.
I think it has been hacked for the following reasons:
[1] The admin password that once worked for the SME server-manager website / CUPS admin website now fails to work - and I have not modified anything on the server.
(I did execute a "yum update" a couple of days ago, but could still log in to server-manager after the update.)
[2] The command:
cat /var/log/messages* | grep "Accepted password for root"
reveals some IP addresses that aren't mine. Of course, really pro hackers probably would have edited the logfile so that their tracks were covered.
I have changed my security policies and passwords, so that side of things should be ok for the moment.
But I still have the original problem of not being able to access server-manager or cups. I have been doing backups for a while, so even if some knowlegable person could tell me which files to restore to fix up the http access passwords it would be a great help.
Kind regards,
Silas.
P.S. I will email a copy of this post to security@contribs.org