Oleg Goryunov wrote:
> A good explanation I received from a datacenter where I have the server: "We classify this sort of issue as 'Stealing the gateway'. Basically what someone does is they send out false ARP packets (flooding the entire network segment), causing all servers and switching to think their server is the gateway instead of our router. They can then insert their own frame inside of all web traffic. This sort of issue is usually resolved within a few minutes when we terminate the server. Most likely this is what happened and explains why the issue started and then suddenly went away without any evidence on your server of being hacked." Unfortunately, they said they did not have a database of registered events of this kind. :(

The problem is detecting the problem TO log it. Often it's outside the actual data centre. Firebird had its website being redirected, but only on a couple of DNS servers; everybody else saw the correct IP address. Your description of 'all sites' simply confirms that your users are getting the wrong DNS lookup, rather than YOUR site having been compromised.

--
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk//
Firebird - http://www.firebirdsql.org/index.php
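
Added example, not part of the original thread: one way a host on the segment could log the "stealing the gateway" condition described above, by comparing successive ARP-table snapshots. The gateway address, MAC values and snapshots are constructed (documentation ranges, Linux `/proc/net/arp` layout), and treating the first observed gateway MAC as the trusted baseline is an assumption.

```python
"""Flag a 'stolen gateway' by comparing successive ARP-table snapshots."""

GATEWAY_IP = "192.0.2.1"  # assumed gateway address (documentation range)

# Constructed samples in Linux /proc/net/arp layout, not real captures.
HEADER = "IP address       HW type     Flags       HW address            Mask     Device\n"
SNAP_BEFORE = HEADER + (
    "192.0.2.1        0x1         0x2         00:00:5e:00:53:01     *        eth0\n"
    "192.0.2.77       0x1         0x2         00:00:5e:00:53:4d     *        eth0\n"
    "192.0.2.90       0x1         0x0         00:00:00:00:00:00     *        eth0\n"
)
SNAP_DURING = HEADER + (
    "192.0.2.1        0x1         0x2         00:00:5e:00:53:4d     *        eth0\n"
    "192.0.2.77       0x1         0x2         00:00:5e:00:53:4d     *        eth0\n"
)

def parse_arp_table(text):
    """Return {ip: mac} for complete entries only."""
    table = {}
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], int(fields[2], 16), fields[3].lower()
        if flags & 0x2:                         # ATF_COM: entry is resolved
            table[ip] = mac
    return table

def gateway_alerts(snapshots, gateway_ip):
    """Compare (timestamp, text) snapshots and return loggable alert tuples."""
    alerts, baseline = [], None
    for ts, text in snapshots:
        table = parse_arp_table(text)
        mac = table.get(gateway_ip)
        if mac is None:
            continue
        if baseline is None:
            baseline = mac                      # first sighting is trusted (assumption)
        elif mac != baseline:
            alerts.append((ts, "gateway-mac-changed", baseline, mac))
        # A gateway MAC shared with another host IP points at the impersonator.
        sharers = sorted(ip for ip, m in table.items() if m == mac and ip != gateway_ip)
        if sharers:
            alerts.append((ts, "gateway-mac-shared", mac, ",".join(sharers)))
    return alerts

if __name__ == "__main__":
    for alert in gateway_alerts([("t0", SNAP_BEFORE), ("t1", SNAP_DURING)], GATEWAY_IP):
        print(*alert)
```

A legitimate router replacement or failover also changes the gateway MAC, so an alert is a prompt to check with the network operator rather than proof of spoofing.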