Got a dreaded hosts.allow email and realised the damage has probably already been done. Checked /var/log/secure and saw evidence that somebody had been brute forcing. A clear failure on my behalf, as I must have misconfigured my denyhosts but didn't see the issue because the server wasn't meant to go live until this weekend after months of it being put off, and now I have a big steaming mess on my hands.
Just would like some advice from anybody who has had an infiltration before and what steps were done to salvage and tighten up everything. Either that or some advice on the best way to get my settings and redeploy without transferring anything that may compromise the new server.
Running Zimbra 8 on CentOS 6.
Any help would mean the world to me.