Could have been hacked?

I first noticed something was wrong when I stopped receiving logwatch by email 3 days ago.
I waited to see if I would get it again but nothing appeared.
Last night I tried to log in with SSH but I got the error "timeout" (not wrong password, just timeout).
So I did a server reboot. The server crashed completely and I had to ask support.
I got back SSH access, and immediately ran RKHunter, which reported some [BAD] checksums:
/bin/dmesg
/bin/egrep
/bin/fgrep
/bin/grep
/bin/kill
/bin/mount
/bin/ps

... and so on, many more. Can I assume that my server was successfully hacked? Even if all websites are running as normal now and there is no sign of defacing, or email sent out as spam... Could have been hacked?

 

 

 

 
