Echoing IACSecurity's sentiments As far as I would be concerned, its a fresh install and someone needs to trawl through the source. As soon as anything touches the net you need at a minimum an application firewall, logging and separate security zones for App tiers. Id even go as far as IPS and some proxies as well depending on how complex or critical the server is. What you've inadvertently done is provided a testing ground for some script kiddie somewhere to mess about in. Unfortunately the maturity of today's even entry level rootkits, mean detecting what has changed etc is nigh on impossible especially if you have no IPS or known good reference state.