Re: How do I fix this?

To: debian-user@lists.debian.org
Subject: Re: How do I fix this?
From: "Sumo Wrestler (or just ate too much)" <sumo.wrestler.0rj82m+no.spam.abuse@earthlink.net>
Date: Sat, 08 Apr 2006 12:07:40 -0500
Message-id: <[🔎] 4437EDDC.8020607@earthlink.net>
In-reply-to: <[🔎] 78bc38bc0604080910r3f8f28d7u28a9d80472428333@mail.gmail.com>
References: <[🔎] 78bc38bc0604080904q6bb757f4vab334533b2adb26e@mail.gmail.com> <[🔎] 4437DF8D.10203@familiasanchez.net> <[🔎] 78bc38bc0604080910r3f8f28d7u28a9d80472428333@mail.gmail.com>

M A wrote:

Details thats all the ISP gave me,

Surely there must be a way to detect this is happening, or the source of it,

I have since removed all my secondary IP's,

Does IPtables need to have rules for all my secondary Ips?


I have no details of your situation, but I'd suspect that you had an
insecure web service running, and the phisher broke in using that.
Iptables can't protect you from that.

Did you keep your software up-to-date, including the insecure PHP
scripts that you're probably running?

Mr. Sanchez is right. A format and reinstall is appropriate, but you
probably first want to look through your log files to see how the
intruder got in. If you format and then reinstall the same vulnerable
software, you'll be back where you started soon.

Good luck.

Reply to:

References:
- How do I fix this?
  - From: "M A" <geneticflyer@googlemail.com>
- Re: How do I fix this?
  - From: "Roberto C. Sanchez" <roberto@familiasanchez.net>
- Re: How do I fix this?
  - From: "M A" <geneticflyer@googlemail.com>

Prev by Date: Re: lilo not "accepting" a new kernel
Next by Date: Re: Package to decode wmv video web stream?
Previous by thread: Re: How do I fix this?
Next by thread: Re: How do I fix this?
Index(es):
- Date
- Thread