According to Gene Heskett,
> On Saturday 08 April 2006 12:04, M A wrote:
> >Hi there. Got this from my ISP the other day:
> >
> >We have been forced to take your server off line, since your server is
> >performing phishing from your secondary IP address xxx.xxx.xxx.224.
> >
> >That IP address was one of my secondary IPs, using Debian sarge, have
> >iptables firewall,
> >using qmail as the mail server ..
> >
> >How do I fix this, or detect that is happening ..
> >
> >
> >Cheers
>
> You have been "rootkitted". To learn more, go get chkrootkit and
> rkhunter. chkrootkit is now a bit long, but it's got most of them
> covered.
>
> At the end of the day, your best recovery is to wipe and re-install, and
> make sure the automatic software update facility is working so that
> when security problems have been fixed, your machine will more or less
> automatically upgrade the software to keep your machine reasonably safe
> from future such exploits.

Or, if you want to do forensic analysis, take the drive offline and install with a new/clean/fresh drive. Then you can look at the problem at your leisure.