After discussing an issue I was having with files disappear from my web server I have decided that the system was, as it's called, owned?
I ran iftop on my server and noticed a LOT of traffic to what should be a very low volume web site. In the range of 30 mb in less than 10 minutes. While that may not seem like much, it is for my little sever. I reinstalled the server from 12.04 LTS server cd and re-ran iftop. Traffic was about 30 mb over an 8 hour period. On the recommendation of the others here, I ran iftop on both my local systems as well and I see a lot of traffic on those when there should be NONE.
I configured ufw on both the block everything but ssh and to only allow that from the other computer, but is there any way to find out if/what has been done and to undo it?
I am not proficient with with Linux hacking to even know where to begin looking so any help or finger pointing in the right direction would be great. Thanks in advance.