Archived posting to the Leica Users Group, 2004/02/13

[Author Prev] [Author Next] [Thread Prev] [Thread Next] [Author Index] [Topic Index] [Home] [Search]

Subject: Re: [Leica] OT: Help, my web site has been hijacked!
From: Dan C <leicaman@sympatico.ca>
Date: Fri, 13 Feb 2004 11:06:42 -0500
References: <402C5CAA.4DB7B59F@chello.nl> <402C5CAA.4DB7B59F@chello.nl>

Brian, I'm in Canada and I saw the popup.   It was more than a popup; it
was one of those insideus (sp? or is this a type of tree?) windows which
ask you if you agree to download something or other, similar to those
"gator" thingys which I've seen many times.

I also found a line of code right at the bottom of Nathan's source code for
his site, which did not belong.  The question is when and from wherer did
that code get inserted into his page?  (I've already been in touch with
Nathan about this).

- -dan c.

At 07:32 AM 13-02-04 -0800, you wrote:
>I have studied your website and your hosting company and their software,
and I do not believe that they are the source of the pornographic popups.
They are running this configuration:
>
>Apache/1.3.27 (Unix)  (Red-Hat/Linux) mod_fastcgi/2.2.10 mod_jk/1.2.0
mod_perl/1.24_01 PHP/4.2.2 FrontPage/5.0.2 mod_ssl/2.8.12 OpenSSL/0.9.6b
>
>it is one with which I am very familiar, and it is hard to hack. I put a
monitoring device (called a "sniffer") on the wire while I visited your
site, and looked at the HTTP protocol back and forth. I did not see
anything capable of generating a popup window.
>
>There is something odd about the DNS service provided by dot5hosting.com;
my current theory is that one of the name servers has been compromised, but
I haven't been able to reach it.
>
>It is also possible that these popups are being added by a transparent
proxy somewhere in the data path. Has anyone not in Europe seen the popups?
>
>--
>To unsubscribe, see http://mejac.palo-alto.ca.us/leica-users/unsub.html
>
- --
To unsubscribe, see http://mejac.palo-alto.ca.us/leica-users/unsub.html

In reply to: Message from Nathan Wajsman <n.wajsman@chello.nl> ([Leica] OT: Help, my web site has been hijacked!)
Message from Nathan Wajsman <n.wajsman@chello.nl> ([Leica] OT: Help, my web site has been hijacked!)