On Tuesday 01 July 2003 15:45, Bill Tangren wrote:
I have a perplexing problem. I received an email this morning from someone who states that he was surfing my web site site1.com, when he received a portscan attack from site2.com. However, site2.com is a VirtualHost that is aliased to site1.com. This person told us because he said we might have been hacked. I immediately changed the root password.
Could someone tell me how this could have happened? If you do a lookup on site2.com, and then do a reverse lookup on that IP number, you see site1.com, not site2.com.
If I have been hacked, what should I look at? I don't see any obvious evidence in the logs, but I'm not sure I would.
TIA,
Bill Tangren
Did this person send along any logs showing the scan packets or offer any kind of detail as to what he meant by "portscan?"
Regards, Mike Klinke
I requested logs from his firewall, but have not heard back. This is weird as the machine in question is a server only, and I don't have telnet (server or client) on it. The few who have accounts have to use ssh (protocol 2 only) to get access. Also, all packages are up to date, and I am behind a firewall (which I don't maintain). Weird.
Bill