> What steps should be taken once the system is compromised like this?
> Obviously, close the port to the outside internet, change the LMS
> password. What can be analyzed in the logs? Change User login
> passwords?
I don't think there's anything interesting being logged by default, as
those accesses would be treated like any access you do.
As of today I don't know whether anything could have happened to you and
your installation other than the nightly annoyance. Close the ports on
the router. That should be all you need to do.
If you decide to want to have access to your LMS from the outside, set
up a VPN.
--
Michael
> Obviously, close the port to the outside internet, change the LMS
> password. What can be analyzed in the logs? Change User login
> passwords?
I don't think there's anything interesting being logged by default, as
those accesses would be treated like any access you do.
As of today I don't know whether anything could have happened to you and
your installation other than the nightly annoyance. Close the ports on
the router. That should be all you need to do.
If you decide to want to have access to your LMS from the outside, set
up a VPN.
--
Michael