httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Patrick Proniewski <patrick.proniew...@univ-lyon2.fr>
Subject Re: [users@httpd] Re: phishing problem
Date Wed, 13 Jul 2011 07:23:47 GMT
On 13 juil. 2011, at 07:23, Ashwin Kesavan wrote:

> And make sure it is not a case access to your server having httpd is compromised ? look
though the apache httpd conf files and its included files and look for the parameter redirect
..... or some url rewite rule through mod_rewrite rules. Did you access log recorded any redirect
http code, I think the http code is 3xx. Instead of thinking at big things like DNS cache
poisioning, first make sure something under your nose is missed.

Say you are the hacker: you gain access to the real server, with privileges high enough to
change apache config and restart the daemon. What is the point in redirecting users to your
own server when you can gain access to user data (webmail login and password, then mailbox
content) without anybody noticing? 

I think Franck has no idea what's going on, and he should really investigate, gather evidence
and technical facts before we continue to enumerate every kind of possible compromise :/

Patrick PRONIEWSKI
-- 
Administrateur Système - DSI - Université Lumière Lyon 2


Mime
View raw message