mailing list archives
Re: Part of the web page being MODIFIED !
From: "frank" <chocobofrank () hotmail com>
Date: Tue, 26 Nov 2002 17:09:04 +0800
Hi Lim Ghee Lam,
Actually I am running a SUN Solaris 2.6 on a Ultra 10 and the web site has
been protected by firewall so that only HTTP access from the public is
Do you really think there are trojan on my webserver ? How can I know the
real cause ?
----- Original Message -----
From: "Lim Ghee Lam" <gllim () ewarna com>
To: "Frank Cheong" <chocobofrank () hotmail com>
Cc: <security-basics () securityfocus com>
Sent: Tuesday, November 26, 2002 5:02 PM
Subject: Re: Part of the web page being MODIFIED !
Have you tried using any file integrity checking ? A better one is like
md5 checksum.Have you consider using tripwire or the like ?
Session hijack in my opinion unlikely, normally happen on telnet, rpc
connections which are in ESTABLISHED state.
To me it looks like more of arbitrary code execution in your web server.
What system and web server you are running anyway? You didn't describe
LIM GHEE LAM