On Monday 10 April 2006 18:22, Tony Godshall wrote:
>According to Gene Heskett,
>
>> On Saturday 08 April 2006 12:04, M A wrote:
>> >Hi there. Got this from my ISP the other day:
>> >
>> >We have been forced to take your server off line, since your server
>> > is performing phishing from your secondary IP address
>> > xxx.xxx.xxx.224.
>> >
>> >That IP address was one of my secondary IPs, using debian sarge, have
>> > iptables firewall,
>> >using qmail as the mail server ..
>> >
>> >How do I fix this, or detect that is happening ..
>> >
>> >
>> >Cheers
>>
>> You have been "rootkitted". To learn more, go get chkrootkit, and
>> rkhunter. chkrootkit is now a bit long, but it's got most of them
>> covered.
>>
>> At the end of the day, your best recovery is to wipe and re-install,
>> and make sure the automatic software update facility is working so
>> that when security problems have been fixed, your machine will more
>> or less automatically upgrade the software to keep your machine
>> reasonably safe from future such exploits.
>
>Or, if you want to do forensic analysis, take the drive
>offline and install with a new/clean/fresh drive. Then you
>can look at the problem at your leisure.

And that's even better advice, at the cost of a drive. You did need a
nice superduper 300GB for the main services didn't you? :-)

-- 
Cheers, Gene
People having trouble with vz bouncing email to me should add the word
'online' between the 'verizon', and the dot which bypasses vz's
stupid bounce rules. I do use spamassassin too. :-)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.