Incidents
DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 22 2008 12:55AM
ponchovaldes gmail com (4 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 24 2008 11:55AM
david bizeul (david bizeul gmail com) (1 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 28 2008 06:58PM
Jon R. Kibler (Jon Kibler aset com)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 24 2008 04:05AM
dxp (dxp2532 gmail com) (1 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 25 2008 12:31PM
Ronald van der Westen (rvdwesten gmail com) (2 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our firstcompetition Jan 25 2008 06:00PM
Cedric Blancher (blancher cartel-securite fr) (1 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 28 2008 04:59PM
Jeff Plewes (plewes gmail com) (4 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 29 2008 12:06AM
Eduardo Tongson (propolice gmail com)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our firstcompetition Jan 28 2008 10:46PM
Graeme Fowler (G E Fowler lboro ac uk) (1 replies)
On Mon, 2008-01-28 at 11:59 -0500, Jeff Plewes wrote:
> Update,
>
> The problem box:
> - centos 5 base, updated via yum from default repository.
> - httpd 2.2.3-11.el5_1.centos.3 (2.2.8 backport?)
> - php 5.2.5 compiled from source
> - courier-authlib 0.60.2 compiled from source
> - courier-imap-4.3.0 compiled from source
> - exim 4.69 compiled from source
> - proftpd 1.3.1 compiled from source
>
> I have no control panel of any sort installed.

Do you exert *any* control over your customers' content?

> The box was running RH9.. had the issue.. formatted and replaced with
> fresh install of centos 5... copied over customer vhosts..

I guess not :)

> Gets hit again within days.

Highly likely. The commonality between the systems is your customers,
who I would either finger directly as the culprits or their sites.
Anyone running an outdated "Nuke" of any type, for example? Menalto
Gallery? Real old Actinic shopping carts, anything like that?

> I have many other hosts in the datacenter with various configurations
> but all would have had the same apache, php, ssh, ssl versions as this
> box before at RH9. None of them have been hit.. none of them however,
> contain exim, courier, or proftpd

I would personally be *extremely* surprised to find any of these three
being the entry point, especially given the versions you mention.

My finger points at PHP, indirectly, through a hole in an application
giving a remote attacker local user privs. Once they're in your system,
all bets are off - even if they're not root yet, they could be sometime
soon.

Graeme

[ reply ]
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 28 2008 11:57PM
Eduardo Tongson (propolice gmail com) (2 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 29 2008 06:59PM
Valdis Kletnieks vt edu (1 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 30 2008 12:22AM
Eduardo Tongson (propolice gmail com) (2 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 30 2008 06:15PM
Jason Stelzer (jason stelzer gmail com) (1 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 31 2008 02:49AM
Eduardo Tongson (propolice gmail com) (1 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 31 2008 04:54PM
Jamie Riden (jamie riden gmail com) (1 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Feb 01 2008 12:07AM
Eduardo Tongson (propolice gmail com)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our firstcompetition Jan 30 2008 05:50PM
Graeme Fowler (G E Fowler lboro ac uk)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our firstcompetition Jan 29 2008 08:39AM
Graeme Fowler (G E Fowler lboro ac uk) (1 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 29 2008 04:25PM
Paul Schmehl (pauls utdallas edu)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 28 2008 09:15PM
Gary Baribault (gary baribault net)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 28 2008 07:24PM
Paul Schmehl (pauls utdallas edu) (1 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 28 2008 08:17PM
Jeff Plewes (plewes gmail com)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 23 2008 03:04AM
Jeff Plewes (plewes gmail com) (4 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 24 2008 02:53AM
Eduardo Tongson (propolice gmail com)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 23 2008 10:11PM
Florian Weimer (fw deneb enyo de) (1 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 24 2008 02:46AM
Jeff Plewes (plewes gmail com) (1 replies)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 24 2008 08:03AM
Mark Gottschalk (mgotts 2roads com)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 23 2008 06:28PM
Gary Baribault (gary baribault net)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 23 2008 05:15PM
Stephen John Smoogen (smooge gmail com)
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 22 2008 05:03PM
Stephen John Smoogen (smooge gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus