"Have you made sure you're not hacked? At the very least, get a copy of
the latest "chkrootkit" (http://www.chkrootkit.org/), install it, and
run it, and let us know if you get any positives. Don't faint if you do
<grin>... there are such things as false positives."
There were several previous posts last week or the week before, Jeff,
regarding the mysterious death that the server's having. chkrootkit is
showing nothing unusual apart from the odd LKM warning every now and then,
but that's normal on a RaQ; run it manually straight after I see it and it
shows nothing, and all other security measures are in place. The log files
show that while the server wasn't accessible by http, ftp or ssh, active
monitor was still checking sendmail, ftp etc. Even mailscanner was doing
its thing every 4 hours, and even weirder was that there were some
IPChains logs on logcheck - so some traffic was getting to the server. I
know the server's not dead 'cause at one point it was down for 4 hours
before we noticed, rebooted and within 20 minutes the hourly logcheck
reports came through to us with logs for the time it was down - nothing
much on them though.
I know it wasn't an ISP issue with me not being able to get access to the
server as I have 4 different ISP accounts and each one couldn't reach the
server, I also know it wasn't a New Zealand issue as several of my
Canadian and US based customers complained about not being able to access
their web site or get email.
Now I can't ping or traceroute to the machine as the firewall rules that
have been set up for this server have those blocked - reason being that not
that long ago we were receiving the old ping of death attack for a while
and our colo recommended that we modify our rules to prevent it from
happening again.
So as you see I'm totally confused as to what the server's doing