Re: Possible hack? Images replaced on proxy server

["andre" <andreq () infolink com br>]

Probably your proxy is considering ".asp" as a static content. I believe its
squid´s default. You can try to changing this configuration.
----- Original Message -----
From: "David Hodges" <dhodges () outermost com>
To: <webappsec () securityfocus com>
Sent: Sunday, February 09, 2003 1:34 PM
Subject: Possible hack? Images replaced on proxy server


> I am responsible for several ASP and ASP.Net web sites that are hosted at
> an independent ISP. These sites were developed for a corporate client
which
> has its own corporate network and firewall, completely separate from the
> ISP where these sites are hosted.
>
> The other day, an employee of this corporation was surfing our site from
> within the corporate firewall and found one of our images was coming up as
> a porn image! Another employee was able to verify this.
>
> Then we found that other images were coming up with no content, or as
> horizontal bars of color.
>
> These problems are not occurring outside the corporate firewall;  and the
> source images, on the server at the ISP, are fine. Only people behind this
> firewall see these bad images.
>
> I suspect someone has hacked the corporate proxy server but I have no way
> to know for sure. I am in somewhat of a panic because naturally it does
not
> reflect well on my little company to have porn images coming up on sites
we
> develop.
>
> I renamed the image in question and changed the IMG tag in the html, which
> fixed the problem for the time being. But I am worried about future.
>
> Would a META HTTP-EQUIV="Pragma" CONTENT="no-cache" tag help?
>
> What else can I do to prevent this, and, what can be causing this?
>
> Thanks,
> David