Hi Lim Ghee Lam, Actually I am running a SUN Solaris 2.6 on a Ultra 10 and the web site has been protected by firewall so that only HTTP access from the public is possible.
Do you really think there are trojan on my webserver ? How can I know the real cause ? Frank ----- Original Message ----- From: "Lim Ghee Lam" <[EMAIL PROTECTED]> To: "Frank Cheong" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Tuesday, November 26, 2002 5:02 PM Subject: Re: Part of the web page being MODIFIED ! > Hi Frank, > > Have you tried using any file integrity checking ? A better one is like > md5 checksum.Have you consider using tripwire or the like ? > > Session hijack in my opinion unlikely, normally happen on telnet, rpc > connections which are in ESTABLISHED state. > > To me it looks like more of arbitrary code execution in your web server. > What system and web server you are running anyway? You didn't describe > that. > > Best Regards > > LIM GHEE LAM >
