Please help for outbound attack

Hi,

How do I track the outbound attack, Is any specific log file I can check?
I got the info from dc that wich I was attacked. Anyone can help me?

thanks

Quote:

Originally Posted by dnsking

Hi,

How do I track the outbound attack, Is any specific log file I can check?
I got the info from dc that wich I was attacked. Anyone can help me?

thanks

1. You can do the modifications as per configserver's Exim Deny
http://www.configserver.com/free/eximdeny.html

2. You can also go through the script if it helps your way
http://yourwebsupport.com/sforum/index.php?topic=51.0

Regards
Bobby

[Pixelation]

Run chkrootkit and rkhunter and maybe even Nobody Check from WebHostGear.
To prevent this from happening in the future: harden your server! Secure your websever, your PHP, your tmpfs partitions, etc.

It's possible that your server has been compromised by script kiddies, you could always ask a company like www.seeksadmin.com to perform a security check and to secure/harden your server.

I suggest installing Snort with ACID which might help you detecting DDoS attacks in the future.

Try using ngrep to sniff outgoing packets.

Quote:

Originally Posted by avythe

Try using ngrep to sniff outgoing packets.

Get a serveradmin and ask him to install tools like mod_security, mod_dosevasive etc. Also make sure you have apf and bfd combination installed and this will prevent future problems. Try installing grsecurity kernels.