Answers inline

-----Original Message-----
From: Patrick Proniewski [mailto:patrick.proniew...@univ-lyon2.fr] 
Sent: Wednesday, July 13, 2011 12:54 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Re: phishing problem

On 13 juil. 2011, at 07:23, Ashwin Kesavan wrote:

> And make sure it is not a case where access to your server having httpd is 
> compromised. Look through the apache httpd conf files and their included files 
> and look for the parameter redirect ..... or some URL rewrite rule through 
> mod_rewrite rules. Did your access log record any redirect HTTP code? I 
> think the HTTP code is 3xx. Instead of thinking of big things like DNS cache 
> poisoning, first make sure something under your nose is missed.

Say you are the hacker: you gain access to the real server, with privileges 
high enough to change apache config and restart the daemon. What is the point 
in redirecting users to your own server when you can gain access to user data 
(webmail login and password, then mailbox content) without anybody noticing? 
-----


My replies>>>>

There are huge benefits to doing this if I were a hacker. First, I don't invoke 
the suspicion of the admin, because I am making minimal changes to the server 
config, so that I delay his notice. Then by diverting to my website I have the 
huge advantage of doing anything I want and getting them to do what I want to 
do with them. I have the user on my web server, for which I have total control, 
and best of all the user's/actual admin's suspicion is not raised, or is 
delayed until I can do my damage. The second most important point of diverting 
traffic: in case the admin suspects a compromise, or there is a policy to 
change passwd every x days, then I have to do the hack all over again to gain 
access, and this time the same hack may or may not work. So it always makes 
sense to divert traffic to your server. Is that enough reason for a cracker to 
divert traffic instead of using the compromised server?

HTH

--ashwin

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
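
The check suggested in the quoted message (look through the httpd configuration and its included files for redirect or mod_rewrite rules, and look for 3xx codes in the access log), written out as an added example that is not part of the original thread. The function names, host names, addresses and sample data are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# mod_alias / mod_rewrite directives that can send a client to another URL,
# plus Include lines, which name further files needing the same review.
DIRECTIVE = re.compile(
    r"^\s*(Redirect(?:Match|Permanent|Temp)?|RewriteRule|Include(?:Optional)?)\s+(.*)$",
    re.IGNORECASE)
# Common/combined log format: client ident user [time] "METHOD path PROTO" status ...
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')
REDIRECT_CODES = {301, 302, 303, 307, 308}  # 304 Not Modified is 3xx but no redirect

def audit_config(text, own_hosts):
    """Return (line_no, directive, detail) for config lines needing manual review."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:  # commented-out and unrelated directives are skipped
            continue
        name, args = m.group(1), m.group(2).strip()
        if name.lower().startswith("include"):
            findings.append((n, name, "review included file(s): " + args))
            continue
        for token in args.split():
            host = urlparse(token.strip('"')).hostname  # None for paths and flags
            if host and host not in own_hosts:
                findings.append((n, name, "external target: " + host))
    return findings

def redirects_in_log(lines):
    """Return (client, path, status) for each redirect response in the access log."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m and int(m.group(3)) in REDIRECT_CODES:
            hits.append((m.group(1), m.group(2), int(m.group(3))))
    return hits

# Constructed sample input (assumed names; not taken from the thread).
SAMPLE_CONF = """\
ServerName webmail.example.org
Include conf.d/*.conf
# Redirect /old http://old.example.org/
Redirect permanent /docs https://webmail.example.org/help
RewriteEngine On
RewriteRule ^/webmail(.*)$ http://login.example.net/webmail$1 [R=302,L]
"""
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Jul/2011:07:01:02 +0200] "GET /webmail/ HTTP/1.1" 302 231',
    '203.0.113.7 - - [13/Jul/2011:07:01:03 +0200] "GET /logo.png HTTP/1.1" 304 -',
    '198.51.100.9 - - [13/Jul/2011:07:02:10 +0200] "GET /index.html HTTP/1.1" 200 5120',
]
```

The default log formats do not record the Location header, so a hit from `redirects_in_log` only gives the request path to compare against the directives that `audit_config` reports.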
