Security Basics mailing list archives
Re: Part of the web page being MODIFIED !
From: "frank" <chocobofrank () hotmail com>
Date: Tue, 26 Nov 2002 17:09:04 +0800
Hi Lim Ghee Lam, Actually I am running a SUN Solaris 2.6 on a Ultra 10 and the web site has been protected by firewall so that only HTTP access from the public is possible. Do you really think there are trojan on my webserver ? How can I know the real cause ? Frank ----- Original Message ----- From: "Lim Ghee Lam" <gllim () ewarna com> To: "Frank Cheong" <chocobofrank () hotmail com> Cc: <security-basics () securityfocus com> Sent: Tuesday, November 26, 2002 5:02 PM Subject: Re: Part of the web page being MODIFIED !
Hi Frank, Have you tried using any file integrity checking ? A better one is like md5 checksum.Have you consider using tripwire or the like ? Session hijack in my opinion unlikely, normally happen on telnet, rpc connections which are in ESTABLISHED state. To me it looks like more of arbitrary code execution in your web server. What system and web server you are running anyway? You didn't describe that. Best Regards LIM GHEE LAM
Current thread:
- Part of the web page being MODIFIED ! Frank Cheong (Nov 26)
- Re: Part of the web page being MODIFIED ! Lim Ghee Lam (Nov 26)
- Re: Part of the web page being MODIFIED ! frank (Nov 26)
- Re: Part of the web page being MODIFIED ! Lim Ghee Lam (Nov 26)
- Re: Part of the web page being MODIFIED ! frank (Nov 26)
- Re: Part of the web page being MODIFIED ! frank (Nov 26)
- Re: Part of the web page being MODIFIED ! Lim Ghee Lam (Nov 26)
- RE: Part of the web page being MODIFIED ! sanjay . patel (Nov 26)
- RE: Part of the web page being MODIFIED ! Mike Dresser (Nov 26)
- Re: Part of the web page being MODIFIED ! phani (Nov 26)
- Re: Part of the web page being MODIFIED ! Johannes Ullrich (Nov 27)
- Re: Part of the web page being MODIFIED ! Bryan Wagstaff (Nov 26)
- <Possible follow-ups>
- RE: Part of the web page being MODIFIED ! Chris Santerre (Nov 28)