
Re: How do I fix this?



On Saturday 08 April 2006 12:04, M A wrote:
>Hi there. Got this from my ISP the other day:
>
>We have been forced to take your server off line, since your server is
>performing phishing from your secondary IP address xxx.xxx.xxx.224.
>
>That IP address was one of my secondary IPs, using Debian sarge, have
> iptables firewall,
>using qmail as the mail server ..
>
>How do I fix this, or detect that it is happening ..
>
>
>Cheers

You have been "rootkitted". To learn more, go get chkrootkit and 
rkhunter.  chkrootkit is now a bit long, but it's got most of them 
covered.

At the end of the day, your best recovery is to wipe and re-install, and 
make sure the automatic software update facility is working so that 
when security problems have been fixed, your machine will more or less 
automatically upgrade the software to keep your machine reasonably safe 
from future such exploits.
-- 
Cheers, Gene
People having trouble with vz bouncing email to me should add the word
'online' between the 'verizon', and the dot which bypasses vz's
stupid bounce rules.  I do use spamassassin too. :-)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.


