httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ashwin Kesavan <ashwi...@yahoo-inc.com>
Subject RE: [users@httpd] Re: phishing problem
Date Wed, 13 Jul 2011 05:23:16 GMT
Answers inline

-----Original Message-----
From: Patrick Proniewski [mailto:patrick.proniewski@univ-lyon2.fr] 
Sent: Wednesday, July 13, 2011 2:34 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Re: phishing problem

On 12 juil. 2011, at 21:40, Frank Bonnet wrote:

> I think effectivelly users's requests have been redirected
> to the hacked servers ...

so it's not a phishing, it's more like a man-in-the-middle, or a DNS cache poisoning...
The only way for you to know what happens is to act as victims do (doing exactly what they
do, and land on the pirate server) while you perform some forensic analysis (tcpdump/wireshark
on port 53, 80 and 443 should be enough).

And make sure it is not a case access to your server having httpd is compromised ? look though
the apache httpd conf files and its included files and look for the parameter redirect .....
or some url rewite rule through mod_rewrite rules. Did you access log recorded any redirect
http code, I think the http code is 3xx. Instead of thinking at big things like DNS cache
poisioning, first make sure something under your nose is missed.

HTH

--ashwin

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message