On Saturday 18 Oct 2003 5:05 am, Eric Huff wrote: > every once in awhile, if i go to webmin (which i have bookmarked as > > https://localhost:10000/ > or > > https://127.0.0.1:10000/ > > i get > > http://www.netbreakthroughs.com/ > > instead which is some insidious spam promoting site (don't click it > unless you are really curious). > > > I am behind a lynksys firewall, and here is what nmap says: > > ~ $ nmap -p 1-60000 66.215.6.110 > > Starting nmap V. 3.00 ( www.insecure.org/nmap/ ) > Interesting ports on 66-215-6-110.pas-eres.charterpipeline.net > (66.215.6.110): > (The 59996 ports scanned but not shown below are in state: closed) > Port State Service > 80/tcp open http > 2468/tcp open unknown > 5678/tcp open unknown > 6688/tcp open unknown > > Nmap run completed -- 1 IP address (1 host up) scanned in 80 seconds > > I have to admit, i don't know what the last 3 are. > > What could it be? > > chrootkit doesn't show up anything. Well, i looked thru all the > lines of it. If there was a problem, would it epeat the problems at > the end? > > I am worried quite a bit... > > thanks, > eric
Eric Aren't you one of those that put lists of adware sites in your /etc/hosts lists as aliases for localhost http://www.mail-archive.com/[EMAIL PROTECTED]/msg131506.html If this site is in your list, then no wonder you get directed there when you open localhost. Maybe you should use privoxy for ad blocking instead. derek -- ---------------------------------- www.jennings.homelinux.net http://twiki.mdklinuxfaq.org
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com