M A wrote:
Details thats all the ISP gave me, Surely there must be a way to detect this is happening, or the source of it, I have since removed all my secondary IP's, Does IPtables need to have rules for all my secondary Ips?
I have no details of your situation, but I'd suspect that you had an insecure web service running, and the phisher broke in using that. Iptables can't protect you from that. Did you keep your software up-to-date, including the insecure PHP scripts that you're probably running? Mr. Sanchez is right. A format and reinstall is appropriate, but you probably first want to look through your log files to see how the intruder got in. If you format and then reinstall the same vulnerable software, you'll be back where you started soon. Good luck.