LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Old 11-11-2007, 07:38 PM   #1
phatbastard
Member
 
Registered: Mar 2004
Location: Houston, Texas
Distribution: Kubuntu, zenwalk
Posts: 117

Rep: Reputation: 15
think i got hacked


I did a nmap -sT 127.0.0.1 today and noticed something interesting:

Starting Nmap 4.20 ( http://insecure.org ) at 2007-11-11 19:23 CST
Interesting ports on www.xscincorporated.com (127.0.0.1):
Not shown: 1694 closed ports
PORT STATE SERVICE
25/tcp open smtp
631/tcp open ipp
3000/tcp open ppp

Nmap finished: 1 IP address (1 host up) scanned in 0.149 seconds


xscincorporated.com ?

I checked the website; it is spam advertising!!!

And smtp is open...crap! How do I fix this? I already went into my router and blocked all ingoing and outgoing traffic for smtp on port 25. So it blocks any crap mail, but how do I get to the real problem and where do I look, logs, etc.? How do I shut off the smtp service? I am on kubuntu gutsy.
 
Old 11-11-2007, 07:50 PM   #2
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
Did you edit your /etc/hosts file so that www.xscincorporated.com resolves to localhost? This would be one method of blocking traffic to this spam site. If so, make sure that the line for localhost is before the one for www.xscincorporated. It looks more like the reverse dns lookup of nmap came up with this instead of localhost.
 
Old 11-11-2007, 07:54 PM   #3
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
What does your /etc/hosts file contain? 127.0.0.1 should resolve to localhost. Is it set differently in that file?

Regarding the open SMTP port, many distros have the mail agent listening only locally by default so that may not be anything significant. Take a look at the output of netstat -pantu run as root and post the output. Also remember that if someone was able to modify the /etc/hosts file that either the permissions were wrong (unlikely) or that they had root on the system, so any info from the system is untrustworthy.
 
Old 11-11-2007, 08:00 PM   #4
phatbastard
Member
 
Registered: Mar 2004
Location: Houston, Texas
Distribution: Kubuntu, zenwalk
Posts: 117

Original Poster
Rep: Reputation: 15
Maybe I am not hacked, because I edited my /etc/hosts file a while back to block ads. Here is my /etc/hosts file (well, part of it; I couldn't paste all of it):

127.0.0.1 localhost
127.0.0.1 spaceballs
 
Old 11-11-2007, 08:02 PM   #5
phatbastard
Member
 
Registered: Mar 2004
Location: Houston, Texas
Distribution: Kubuntu, zenwalk
Posts: 117

Original Poster
Rep: Reputation: 15
127.0.0.1 www.xscincorporated.com

That's in my /etc/hosts file, so I guess maybe I am not hacked.
 
Old 11-12-2007, 08:27 AM   #6
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
You should do what Capt_Caveman said,
netstat -pantu

And check that your smtp port is not opened to everybody, only to 127.0.0.1 (left column)

How many lines do you have in your /etc/host file?
Could be that it slows down your system.. not sure.
man hosts.conf, section multi

Quote:
multi Valid values are on and off. If set to on, the resolv+ library will return all valid
addresses for a host that appears in the /etc/hosts file, instead of only the first. This is
off by default, as it may cause a substantial performance loss at sites with large hosts
files.

Why not use firefox and adblock?

And I wonder why it takes this one and not another..
 
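Capt_Caveman and nx5000 both say to read the left column of netstat -pantu and confirm the SMTP listener is bound only to 127.0.0.1. The script below is an added example, not from anyone in this thread: it parses netstat output and flags every listener that is reachable from other hosts, including the IPv6 wildcard (:::25) that is easy to overlook when only the IPv4 line says 127.0.0.1. The sample output and the program names in it are constructed; on a real box replace SAMPLE_NETSTAT with `netstat -pantu` run as root.

```shell
#!/bin/sh
# Added example: classify each listening socket from `netstat -pantu` output as
# loopback-only or reachable from other hosts. SAMPLE_NETSTAT is constructed
# (PIDs and program names are made up) to resemble the OP's Kubuntu box.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      4321/exim4
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN      1234/cupsd
tcp        0      0 127.0.0.1:3000          0.0.0.0:*               LISTEN      5555/ruby
tcp        0      0 192.168.1.5:3000        192.168.1.20:51234      ESTABLISHED 5555/ruby
tcp6       0      0 :::25                   :::*                    LISTEN      4321/exim4
udp        0      0 0.0.0.0:68              0.0.0.0:*                           987/dhclient'

# Prints one line per listener: "<port> <scope> <program>", where scope is
# "loopback" for 127.x.x.x / ::1 and "EXPOSED" for anything else
# (0.0.0.0 and :: mean every interface, not "no address").
listening_scope() {
    printf '%s\n' "$1" | awk '
        NR <= 2 { next }                        # skip the two header lines
        $1 ~ /^tcp/ && $6 != "LISTEN" { next }  # established connections are not listeners
        {
            n = split($4, a, ":")               # local address is field 4, port after last colon
            port = a[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            prog = ($1 ~ /^tcp/) ? $7 : $6      # UDP rows have no State column
            sub(/^[0-9]+\//, "", prog)          # strip the "PID/" prefix
            scope = (addr ~ /^127\./ || addr == "::1") ? "loopback" : "EXPOSED"
            print port, scope, prog
        }'
}

# Exit status 0 if every listener on the given port is loopback-only, 1 otherwise.
port_is_local_only() {
    listening_scope "$1" | awk -v p="$2" '
        $1 == p && $2 == "EXPOSED" { bad = 1 }
        END { exit bad ? 1 : 0 }'
}

listening_scope "$SAMPLE_NETSTAT"
if port_is_local_only "$SAMPLE_NETSTAT" 25; then
    echo "port 25: loopback only, nobody outside can relay through it"
else
    echo "port 25: reachable from other hosts; bind the MTA to 127.0.0.1 or stop it"
fi
```

In the constructed sample the IPv4 SMTP socket is loopback-only but the tcp6 line listens on every address, so the check reports port 25 as exposed; that is exactly the case a glance at the 127.0.0.1 line alone would miss.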
Old 11-12-2007, 11:40 AM   #7
phatbastard
Member
 
Registered: Mar 2004
Location: Houston, Texas
Distribution: Kubuntu, zenwalk
Posts: 117

Original Poster
Rep: Reputation: 15
I have 5,034 lines in my /etc/hosts file blocking all kinds of ads. I use firefox, but this adds extra protection against ads. It takes xscincorporated.com because that is the last line in my /etc/hosts file. I thought I was hacked but forgot about the /etc/hosts file. SMTP seems to be ok.
 
Old 12-01-2007, 01:36 PM   #8
nowshining
Member
 
Registered: Dec 2007
Distribution: Ibex
Posts: 93

Rep: Reputation: 15
Quote:
Originally Posted by nx5000
You should do what Capt_Caveman said,
netstat -pantu

And check that your smtp port is not opened to everybody, only to 127.0.0.1 (left column)

How many lines do you have in your /etc/host file?
Could be that it slows down your system.. not sure.
man hosts.conf, section multi

Why not use firefox and adblock?

And I wonder why it takes this one and not another..
If you have at least 512MB RAM and a good processor (I have a P4 @ 2.66GHz) it's fine. I have hundreds of thousands in mine and it does NOT slow down my computer at all. Yes, mine are also for blocking ads and bad sites, and yes the size is roughly 10MB+. Again, my system is NOT slow, and using gedit it does NOT take a long time to open it fully. It opens, but showing all the lines takes roughly 3m or 5; I do NOT keep track.
 