Re: [SLUG] Need help, I appear to victim of mischief

From: Smitty (a.smitty@verizon.net)
Date: Sat Aug 17 2002 - 21:29:47 EDT


Sounds like you were DoS'd and rooted. Download chkrootkit from
http://www.chkrootkit.org
unpack it, compile it, and run it. It MAY identify a trojan or rootkit
inserted into your system. Then check your logs for unauthorized activity on
your system. Note: the logs may have been altered by the attacker.
I suspect it would be someone at your former employer. Sit down and list
all those former coworkers you had unresolved problems with. Then from that
list, look at who could have had the know-how to pull off this attack. Then
list anyone from the original list who has a felony background - not
necessarily prosecuted.
The two derived lists are your suspects and those common to both lists are
the prime suspects.
Smitty

On Saturday 17 August 2002 11:36, you wrote:
> Hi all,
>
> Last Friday I left my previous job to go to work for a new employer. Let's
> just say that my parting was not happy because of the immature actions of
> my previous employer.
>
> Suddenly, as in since last Saturday, I have appeared to become the victim
> of some very ingenious mischief. My server appears to be the victim of DOS
> attacks. And I suddenly have begun getting several virus attacks via
> email.
>
> I tried to install RAV anti virus for PostFix and my server went berserk,
> although it may have been coincidental with a DOS attack.
>
> I am now getting messages on my terminal when I reboot the server to the
> effect, "Sorry I was gone, but I am back now".
>
> Can anyone lead me in the direction of verifying if in fact I just happen
> to be getting random emails with viruses, or is it a deliberate attempt to
> interfere with my website and email?
>
> And specifically where it is being generated from. If it is as I suspect,
> I would like to have the proof before I confront the party responsible with
> my attorney.
>
> Any help would be appreciated
>
> Please feel free to contact me off list.
>
> Darr Palmer
> darr@darrpalmer.com
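
An added example, not part of the original post and not chkrootkit code: a small Python check for the reply's caveat that the logs may have been altered. It flags syslog timestamps that run backwards or go silent longer than a threshold and lists accepted sshd logins for review; the sample lines, host name, addresses, the year and the 6-hour threshold are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Traditional syslog prefix: "Aug 17 03:12:45 host tag[pid]: message"
TS_RE = re.compile(r"^([A-Z][a-z]{2}) +(\d{1,2}) (\d{2}:\d{2}:\d{2}) ")
LOGIN_RE = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+)")

def parse_ts(line, year):
    """Return the line's timestamp, or None if it has no syslog prefix."""
    m = TS_RE.match(line)
    if not m:
        return None
    mon, day, clock = m.groups()
    # Classic syslog lines carry no year, so the caller supplies it.
    return datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")

def find_anomalies(lines, year, max_gap=timedelta(hours=6)):
    """Flag lines whose time runs backwards or follows a long silence."""
    findings, prev = [], None
    for n, line in enumerate(lines, 1):
        ts = parse_ts(line, year)
        if ts is None:
            findings.append(("unparsed", n))
            continue
        if prev is not None and ts < prev:
            findings.append(("backwards", n))  # possible spliced or edited entries
        elif prev is not None and ts - prev > max_gap:
            findings.append(("gap", n))        # possible deleted entries
        prev = ts
    return findings

def accepted_logins(lines):
    """Return (user, source) for every accepted sshd login, for manual review."""
    return [(m.group(2), m.group(3)) for l in lines if (m := LOGIN_RE.search(l))]

# Constructed sample log, not taken from the thread.
SAMPLE = """\
Aug 16 22:58:01 www CROND[811]: (root) CMD (run-parts /etc/cron.hourly)
Aug 16 23:01:00 www sshd[845]: Accepted password for alice from 192.0.2.10 port 1022 ssh2
Aug 17 09:40:12 www syslogd 1.4.1: restart.
Aug 17 09:41:30 www sshd[312]: Accepted password for root from 203.0.113.77 port 4410 ssh2
Aug 17 09:39:05 www postfix/smtpd[330]: connect from unknown[198.51.100.4]
""".splitlines()

if __name__ == "__main__":
    print(find_anomalies(SAMPLE, 2002))
    print(accepted_logins(SAMPLE))
```

A gap or a backwards timestamp is only a lead: clock changes and quiet periods produce the same pattern, so compare against a copy of the logs held off the suspect machine where one exists.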



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 16:26:41 EDT