My server was hacked and locked me out. I had to read the hard drive to get some data and log files. The data appears to be intact. Not so much sensitive data, but I really don't like getting hacked, and tried very hard to keep the system up to date, and blocking bad IPs, ranges of IPs, connections that are clearly bad ...
Now, I got the log files and the hard drive. I know a good hacker would cover their track, but still, I need help with finding out what was going on as much as I can, in order to prevent future hacking, and to learn.
Any advise is greatly appreciated.