On Saturday 17 August 2002 11:36 am, you wrote:
<SNIP>
> Suddenly, as in since last Saturday, I have appeared to become the victim
> of some very ingenious mischief. My server appears to be the victim of DOS
> attacks. And I suddenly have began getting several virus attacks via
> email.
Copy/print the logs.
Contact your uplink provider.
They can block the source at their router and provide additional logs.
> I tried to install RAV anti virus for PostFix and my server went berserk,
> although it may have been coincidental with a DOS attack.
>
> I am now getting messages on my terminal when I reboot the server to the
> effect, "Sorry I was gone, but I am back now".
Perhaps you been rooted.
Take the system off-line, back it up and look for changed files. You have
tripwire plus other security tools installed and configured don't you ?
It's best to re-install on a new H/D and keep the old once for
investigation/evidence.
You have backups don't you ?
Re-install from your latest (pre-event) backup.
> Can anyone lead me in the direction of verifying if in fact I just happen
> to be getting random emails with viruses, or is it a deliberate attempt to
> interfere with my website and email.
There arn't any viruses on Unix in the real world, that I know of. There are
several theoretical and laboratory viruses.
Try unix or linux viruses ina search engine.
> And specifically where it is being generated from. If it is as I suspect,
> I would like to have the proof before I confront the party responsible with
> my attorney.
Logs again.
> Any help would be appreciated
>
> Please feel free to contact me off list.
>
> Darr Palmer
> darr@darrpalmer.com
Regards...Martin
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 16:25:36 EDT