Incidents
DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 22 2008 12:55AM
ponchovaldes gmail com (4 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 24 2008 11:55AM
david bizeul (david bizeul gmail com) (1 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 28 2008 06:58PM
Jon R. Kibler (Jon Kibler aset com)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 24 2008 04:05AM
dxp (dxp2532 gmail com) (1 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 25 2008 12:31PM
Ronald van der Westen (rvdwesten gmail com) (2 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our firstcompetition Jan 25 2008 06:00PM
Cedric Blancher (blancher cartel-securite fr) (1 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 28 2008 04:59PM
Jeff Plewes (plewes gmail com) (4 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 29 2008 12:06AM
Eduardo Tongson (propolice gmail com)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our firstcompetition Jan 28 2008 10:46PM
Graeme Fowler (G E Fowler lboro ac uk) (1 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 28 2008 11:57PM
Eduardo Tongson (propolice gmail com) (2 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 29 2008 06:59PM
Valdis Kletnieks vt edu (1 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 30 2008 12:22AM
Eduardo Tongson (propolice gmail com) (2 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 30 2008 06:15PM
Jason Stelzer (jason stelzer gmail com) (1 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 31 2008 02:49AM
Eduardo Tongson (propolice gmail com) (1 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 31 2008 04:54PM
Jamie Riden (jamie riden gmail com) (1 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Feb 01 2008 12:07AM
Eduardo Tongson (propolice gmail com)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our firstcompetition Jan 30 2008 05:50PM
Graeme Fowler (G E Fowler lboro ac uk)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our firstcompetition Jan 29 2008 08:39AM
Graeme Fowler (G E Fowler lboro ac uk) (1 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 29 2008 04:25PM
Paul Schmehl (pauls utdallas edu)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 28 2008 09:15PM
Gary Baribault (gary baribault net)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 28 2008 07:24PM
Paul Schmehl (pauls utdallas edu) (1 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 28 2008 08:17PM
Jeff Plewes (plewes gmail com)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 23 2008 03:04AM
Jeff Plewes (plewes gmail com) (4 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 24 2008 02:53AM
Eduardo Tongson (propolice gmail com)
Hello Jeff,

Probably the same Linux rootkit [1]. Do you also see the 5-letter JS
file inclusion [2] on your pages? It appears right after the HTML
<body> tag.

[1] http://www.cpanel.net/security/notes/random_js_toolkit.html>
[2] <script language='JavaScript' type='text/javascript'
src='cbolw.js'></script>

Ed <http://blog.eonsec.com>

On Jan 23, 2008 11:04 AM, Jeff Plewes <plewes (at) gmail (dot) com [email concealed]> wrote:
> We have a similar problem on one of our co-location servers:
>
> - centos5 i386
> - apache 2.2.3-11.el5.centos (2.2.6 backport)
> - php 5.2.5 (compiled from source)
>
> The issue appears at random.. when it is present, a request to the
> web server will respond with a redirect to a spyware or malware
> download site. This will continue to redirect 10% of the traffic to
> the box until httpd is restarted. The redirection script is not found
> in any file on the server filesystem and believed to be injected into
> the response stream via a compromised httpd process in memory.
>
> This issue was happening on the same box when It used to be apache
> 2.0.56, php 5.1.0 running redhat 9. upgrading the distribution,
> apache, php etc has so far not resolved the issue.
>
> At this point we are upgrading to apache 2.2.3-11.el5.centos.3 (2.2.8
> backport) in hopes that the recent security patches in this build
> relating to XSS will solve the issue.
>
> I would really like to find the source of the problem, though.
>
> -Jeff
>
>
> On 22 Jan 2008 00:55:30 -0000, <ponchovaldes (at) gmail (dot) com [email concealed]> wrote:
>
> > Hello guys, we have a social network that is getting stronger, but we are having an issue.
> >
> >
> > And the issue is that Sometimes... our page redirects to another Portal, actually the page that redirects is our first competition,here in Latino America, i know that they are causing that kind of mess.. so we thought in this.
> >
> >
> > - We know that our DNS server is ok, and havent been compromised,
> >
> > - DNS cache poisoning
> >
> > - Malware ?
> >
> > - some kind of virus that the guys(bad) made. ( the other portal - social network-)
> >
> >
> > - Other soolution? sue them?
> >
> >
> > HElp guys.. this thing is taking out alot of users :(
> >
> >
> > thanks in advance!
> >
> >
> > Cheers from México
> >
>

[ reply ]
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 23 2008 10:11PM
Florian Weimer (fw deneb enyo de) (1 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 24 2008 02:46AM
Jeff Plewes (plewes gmail com) (1 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 24 2008 08:03AM
Mark Gottschalk (mgotts 2roads com)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 23 2008 06:28PM
Gary Baribault (gary baribault net)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 23 2008 05:15PM
Stephen John Smoogen (smooge gmail com)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 22 2008 05:03PM
Stephen John Smoogen (smooge gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus