Archived posting to the Leica Users Group, 2004/02/13
[Author Prev] [Author Next] [Thread Prev] [Thread Next] [Author Index] [Topic Index] [Home] [Search]Hi Brian, Thanks for taking the trouble to check it. Don Cardish did look at the source code and found two added lines at the bottom which loaded the offending site. Obviously, neither I nor the hosting service had added them. Dot5Hosting cleaned the index.html file during the day and for now things are back to normal. The main index file was the only one affected, none of the deep links were altered in any way. Nathan Brian Reid wrote: > > I have studied your website and your hosting company and their software, and I do not believe that they are the source of the pornographic popups. They are running this configuration: > > Apache/1.3.27 (Unix) (Red-Hat/Linux) mod_fastcgi/2.2.10 mod_jk/1.2.0 mod_perl/1.24_01 PHP/4.2.2 FrontPage/5.0.2 mod_ssl/2.8.12 OpenSSL/0.9.6b > > it is one with which I am very familiar, and it is hard to hack. I put a monitoring device (called a "sniffer") on the wire while I visited your site, and looked at the HTTP protocol back and forth. I did not see anything capable of generating a popup window. > > There is something odd about the DNS service provided by dot5hosting.com; my current theory is that one of the name servers has been compromised, but I haven't been able to reach it. > > It is also possible that these popups are being added by a transparent proxy somewhere in the data path. Has anyone not in Europe seen the popups? > > -- > To unsubscribe, see http://mejac.palo-alto.ca.us/leica-users/unsub.html - -- Nathan Wajsman Almere, The Netherlands e-mail: n.wajsman@chello.nl Mobile: +31 630 868 671 Photo site: http://www.wajsmanphoto.com/index.htm - -- To unsubscribe, see http://mejac.palo-alto.ca.us/leica-users/unsub.html