On Tuesday 01 July 2003 15:45, Bill Tangren wrote: > I have a perplexing problem. I received an email this morning from > some one who states that he was surfing my web site site1.com, when > he received a portscan attack from site2.com. However, site2.com is a > VirtualHost that is aliased to site1.com. This person told us because > he said we might have been hacked. I immediately changed the root > password. > > Could someone tell me how this could have happened? If you do a > lookup on site2.com, and then do a reverse lookup on that IP number, > you see site1.com, not site2.com. > > If I have been hacked, what should I look at? I don't see any obvious > evidence in the logs, but I'm not sure I would. > > TIA, > > Bill Tangren
Did this person send along any logs showing the scan packets or offer any kind of detail as to what he meant by "portscan?" Regards, Mike Klinke -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
