> On 22 Jan 2008 00:55:30 -0000, <ponchovaldes (at) gmail (dot) com [email concealed]> wrote:
> > Hello guys, we have a social network that is getting stronger, but we are having an issue.
> >
> >
> > And the issue is that Sometimes... our page redirects to another Portal, actually the page that redirects is our first competition,here in Latino America, i know that they are causing that kind of mess.. so we thought in this.
> >
> >
> > - We know that our DNS server is ok, and havent been compromised,
> >
> > - DNS cache poisoning
> >
> > - Malware ?
> >
> > - some kind of virus that the guys(bad) made. ( the other portal - social network-)
> >
> >
> > - Other soolution? sue them?
> >
> >
> > HElp guys.. this thing is taking out alot of users :(
Sent via BlackBerry from T-Mobile
-----Original Message-----
From: "Ronald van der Westen" <rvdwesten (at) gmail (dot) com [email concealed]>
Date: Fri, 25 Jan 2008 13:31:59
To:dxp <dxp2532 (at) gmail (dot) com [email concealed]>
Cc:ponchovaldes (at) gmail (dot) com [email concealed], incidents (at) securityfocus (dot) com [email concealed]
Subject: Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition
ARP poisoning is only possible in a subnet. Since this system is
probably located somewhere on the internet, I'm sure that there is a
router somewhere in the path from the source to destination.
I don't think ARP cache poisoning is the problem here, unless client
and server are in the same subnet.
On Jan 24, 2008 5:05 AM, dxp <dxp2532 (at) gmail (dot) com [email concealed]> wrote:
> There are some reports of a large scale web site compromise where
> thousands of sites are affected. Currently, info is limited but it
> looks like the Apache daemon is compomised thus your web page files
> are unchanged. This is known to affect shared hosting environments
> but it doesn't have to be limited to that.
>
> Another possiblity is ARP cache poisoning, either at the client side
> (you) or the server side.
> Here's a good write up on this attack vector:
> http://www.websense.com/securitylabs/blog/blog.php?BlogID=166
>
> ---
> dxp
>
> On 22 Jan 2008 00:55:30 -0000, <ponchovaldes (at) gmail (dot) com [email concealed]> wrote:
> > Hello guys, we have a social network that is getting stronger, but we are having an issue.
> >
> >
> > And the issue is that Sometimes... our page redirects to another Portal, actually the page that redirects is our first competition,here in Latino America, i know that they are causing that kind of mess.. so we thought in this.
> >
> >
> > - We know that our DNS server is ok, and havent been compromised,
> >
> > - DNS cache poisoning
> >
> > - Malware ?
> >
> > - some kind of virus that the guys(bad) made. ( the other portal - social network-)
> >
> >
> > - Other soolution? sue them?
> >
> >
> > HElp guys.. this thing is taking out alot of users :(
> >
> >
> > thanks in advance!
> >
> >
> > Cheers from México
> >
>
--
Ronald van der Westen
[ reply ]