httpd-users mailing list archives

From: Lester Caine
Subject: Re: [users@httpd] Someone hacked my apache2 server
Date: Sun, 04 Apr 2010 10:17:35 GMT

Oleg Goryunov wrote:
> A good explanation I received from a datacenter where I have the server:
> "We classify this sort of issue as "Stealing the gateway". Basically
> what someone does is they send out false ARP packets (flooding the entire
> network segment), causing all servers and switching to think their server
> is the gateway instead of our router. They can then insert their own frame
> inside of all web traffic. This sort of issue is usually resolved within a
> few minutes when we terminate the server. Most likely this is what happened
> and explains why the issue started and then suddenly went away without any
> evidence on your server of being hacked."
> Unfortunately, they said they did not have a database of registered
> events of this kind. :(

The problem is detecting the problem TO log it. Often it's outside the actual
data centre. Firebird had its website being redirected, but only on a couple of
DNS servers, everybody else saw the correct IP address. Your description of 'all
sites' simply confirms that your users are getting the wrong DNS lookup, rather
than YOUR site having been compromised.

Lester Caine - G8HFL
Contact -
L.S.Caine Electronic Services -
EnquirySolve -
Model Engineers Digital Workshop -
Firebird -
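
The following is an added example, not part of the original messages and not the datacenter's tooling: a small Python check that turns the "stealing the gateway" symptom into loggable events by comparing periodic snapshots of a server's neighbour table. It assumes Linux `ip neigh show` output collected on a schedule; the function names `parse_neigh` and `audit`, the addresses and the MACs are all constructed for illustration.

```python
import re

# Matches one line of Linux `ip neigh show` output that carries a MAC address.
NEIGH_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-f:]{17}) (\S+)", re.I)

def parse_neigh(text):
    """Return {ip: mac} for entries that have a resolved link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries have no lladdr and are skipped
            table[m.group(1)] = m.group(3).lower()
    return table

def audit(snapshots, gateway_ip):
    """snapshots: list of (timestamp, ip-neigh text). Returns loggable events."""
    events, known_gw_mac = [], None
    for ts, text in snapshots:
        table = parse_neigh(text)
        gw_mac = table.get(gateway_ip)
        if gw_mac is None:
            continue
        if known_gw_mac and gw_mac != known_gw_mac:
            events.append((ts, "GATEWAY_MAC_CHANGED", known_gw_mac, gw_mac))
        # Another IP on the same MAC means one machine answers for both addresses.
        twins = sorted(ip for ip, mac in table.items()
                       if mac == gw_mac and ip != gateway_ip)
        if twins:
            events.append((ts, "GATEWAY_MAC_SHARED", gw_mac, ",".join(twins)))
        known_gw_mac = known_gw_mac or gw_mac  # keep first-seen MAC as baseline
    return events

# Constructed sample data (documentation addresses, made-up MACs).
SNAPSHOTS = [
    ("10:00", "192.0.2.1 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE\n"
              "192.0.2.77 dev eth0 lladdr 00:00:5e:00:53:4d STALE\n"),
    ("10:05", "192.0.2.1 dev eth0 lladdr 00:00:5e:00:53:4d REACHABLE\n"
              "192.0.2.77 dev eth0 lladdr 00:00:5e:00:53:4d REACHABLE\n"
              "192.0.2.9 dev eth0 FAILED\n"),
    ("10:10", "192.0.2.1 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE\n"),
]

if __name__ == "__main__":
    for event in audit(SNAPSHOTS, "192.0.2.1"):
        print(*event)
```

The baseline here is simply the first MAC seen for the gateway; a legitimate router replacement would also trigger the change event and needs a manual baseline reset.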

The official User-To-User support forum of the Apache HTTP Server Project.