Home page logo
/

basics logo Security Basics mailing list archives

Re: Part of the web page being MODIFIED !
From: "frank" <chocobofrank () hotmail com>
Date: Tue, 26 Nov 2002 17:09:04 +0800

Hi Lim Ghee Lam,

Actually I am running a SUN Solaris 2.6 on a Ultra 10 and the web site has
been protected by firewall so that only HTTP access from the public is
possible.

Do you really think there are trojan on my webserver ? How can I know the
real cause ?

Frank
----- Original Message -----
From: "Lim Ghee Lam" <gllim () ewarna com>
To: "Frank Cheong" <chocobofrank () hotmail com>
Cc: <security-basics () securityfocus com>
Sent: Tuesday, November 26, 2002 5:02 PM
Subject: Re: Part of the web page being MODIFIED !


Hi Frank,

Have you tried using any file integrity checking ? A better one is like
md5 checksum.Have you consider using tripwire or the like ?

Session hijack in my opinion unlikely, normally happen on telnet, rpc
connections which are in ESTABLISHED state.

To me it looks like more of arbitrary code execution in your web server.
What system and web server you are running anyway? You didn't describe
that.

Best Regards

LIM GHEE LAM



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault