Have I been hacked? from the Introduction to Linux by OnWorks

• When using a non-permanent Internet connection, shut it down as soon as you don't need it anymore.

• Run private services on odd ports instead of the ones expected by possible hackers.

• Know your system. After a while, you can almost feel when something is happening.

How can you tell? This is a checklist of suspicious events:

• Mysterious open ports, strange processes.

• System utilities (common commands) behaving strange.

• Login problems.

• Unexplained bandwidth usage.

• Damaged or missing log files, syslog daemon behaving strange.

• Interfaces in unusual modes.

• Unexpectedly modified configuration files.

• Strange entries in shell history files.

• Unidentified temporary files.