On Saturday 08 April 2006 12:04, M A wrote:
>Hi there. Got this from my ISP the other day:
>
>We have been forced to take your server off line, since your server is
>performing phishing from your secondary IP address xxx.xxx.xxx.224.
>
>That IP address was one of my secondary IPs, using Debian sarge, have
>iptables firewall,
>using qmail as the mail server ..
>
>How do I fix this, or detect that it is happening ..
>
>
>Cheers

You have been "rootkitted". To learn more, go get chkrootkit and rkhunter. chkrootkit is now a bit long, but it's got most of them covered.

At the end of the day, your best recovery is to wipe and re-install, and make sure the automatic software update facility is working so that when security problems have been fixed, your machine will more or less automatically upgrade the software to keep your machine reasonably safe from future such exploits.

--
Cheers, Gene
People having trouble with vz bouncing email to me should add the word
'online' between the 'verizon', and the dot which bypasses vz's
stupid bounce rules. I do use spamassassin too. :-)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.