Archived posting to the Leica Users Group, 2004/02/13

[Author Prev] [Author Next] [Thread Prev] [Thread Next] [Author Index] [Topic Index] [Home] [Search]

Subject: Re: [Leica] OT: Help, my web site has been hijacked!
From: Nathan Wajsman <n.wajsman@chello.nl>
Date: Fri, 13 Feb 2004 18:18:47 +0100
References: <402C5CAA.4DB7B59F@chello.nl> <2147483647.1076657567@cambric.reid.org>

Hi Brian,

Thanks for taking the trouble to check it. Don Cardish did look at the
source code and found two added lines at the bottom which loaded the
offending site. Obviously, neither I nor the hosting service had added
them. Dot5Hosting cleaned the index.html file during the day and for now
things are back to normal. The main index file was the only one
affected, none of the deep links were altered in any way.

Nathan

Brian Reid wrote:
> 
> I have studied your website and your hosting company and their software, and I do not believe that they are the source of the pornographic popups. They are running this configuration:
> 
> Apache/1.3.27 (Unix)  (Red-Hat/Linux) mod_fastcgi/2.2.10 mod_jk/1.2.0 mod_perl/1.24_01 PHP/4.2.2 FrontPage/5.0.2 mod_ssl/2.8.12 OpenSSL/0.9.6b
> 
> it is one with which I am very familiar, and it is hard to hack. I put a monitoring device (called a "sniffer") on the wire while I visited your site, and looked at the HTTP protocol back and forth. I did not see anything capable of generating a popup window.
> 
> There is something odd about the DNS service provided by dot5hosting.com; my current theory is that one of the name servers has been compromised, but I haven't been able to reach it.
> 
> It is also possible that these popups are being added by a transparent proxy somewhere in the data path. Has anyone not in Europe seen the popups?
> 
> --
> To unsubscribe, see http://mejac.palo-alto.ca.us/leica-users/unsub.html

- -- 
Nathan Wajsman
Almere, The Netherlands

e-mail: n.wajsman@chello.nl
Mobile: +31 630 868 671

Photo site: http://www.wajsmanphoto.com/index.htm
- --
To unsubscribe, see http://mejac.palo-alto.ca.us/leica-users/unsub.html

Replies: Reply from Brian Reid <reid@mejac.palo-alto.ca.us> (Re: [Leica] OT: Help, my web site has been hijacked!)
Reply from Tina Manley <images@InfoAve.Net> (Re: [Leica] Piezography users)
In reply to: Message from Nathan Wajsman <n.wajsman@chello.nl> ([Leica] OT: Help, my web site has been hijacked!)
Message from Brian Reid <reid@mejac.palo-alto.ca.us> (Re: [Leica] OT: Help, my web site has been hijacked!)