Archived posting to the Leica Users Group, 2004/02/13

[Author Prev] [Author Next] [Thread Prev] [Thread Next] [Author Index] [Topic Index] [Home] [Search]

Subject: Re: [Leica] OT: Help, my web site has been hijacked!
From: Brian Reid <reid@mejac.palo-alto.ca.us>
Date: Fri, 13 Feb 2004 07:32:47 -0800
References: <402C5CAA.4DB7B59F@chello.nl>

I have studied your website and your hosting company and their software, and I do not believe that they are the source of the pornographic popups. They are running this configuration:

Apache/1.3.27 (Unix)  (Red-Hat/Linux) mod_fastcgi/2.2.10 mod_jk/1.2.0 mod_perl/1.24_01 PHP/4.2.2 FrontPage/5.0.2 mod_ssl/2.8.12 OpenSSL/0.9.6b

it is one with which I am very familiar, and it is hard to hack. I put a monitoring device (called a "sniffer") on the wire while I visited your site, and looked at the HTTP protocol back and forth. I did not see anything capable of generating a popup window.

There is something odd about the DNS service provided by dot5hosting.com; my current theory is that one of the name servers has been compromised, but I haven't been able to reach it.

It is also possible that these popups are being added by a transparent proxy somewhere in the data path. Has anyone not in Europe seen the popups?

- --
To unsubscribe, see http://mejac.palo-alto.ca.us/leica-users/unsub.html

Replies: Reply from Nathan Wajsman <n.wajsman@chello.nl> (Re: [Leica] OT: Help, my web site has been hijacked!)
In reply to: Message from Nathan Wajsman <n.wajsman@chello.nl> ([Leica] OT: Help, my web site has been hijacked!)