Details thats all the ISP gave me,
Surely there must be a way to detect this is happening, or the source of it,
I have since removed all my secondary IP's,
Does IPtables need to have rules for all my secondary Ips?
On 4/8/06, Roberto C. Sanchez <[EMAIL PROTECTED]> wrote:
M A wrote:
> Hi there Got this from my ISP the other day
>
> We have been forced to take your server off line, since your server is
> performing phishing from your secondary IP address xxx.xxx.xxx.224.
>
> that IP address was one my secondary IP's, using debian sarge, have
> iptables firewall,
> using qmail as the mail server ..
>
> How do i fix this, or detect that is happening ..
>
Without more detail, I would say to format and reinstall. Once a
machine has been compromised, you can never be sure it is completely clean.
-Roberto
--
Roberto C. Sanchez
http://familiasanchez.net/~roberto
