httpd-users mailing list archives

From Frank Bonnet
Subject Re: [users@httpd] Re: phishing problem
Date Wed, 13 Jul 2011 07:38:24 GMT
On 07/13/2011 09:23 AM, Patrick Proniewski wrote:
> On 13 Jul 2011, at 07:23, Ashwin Kesavan wrote:
>> And make sure it is not a case of access to your server having httpd
>> being compromised? Look through the apache httpd conf files and its
>> included files and look for the parameter redirect ..... or some url
>> rewrite rule through mod_rewrite rules. Did your access log record any
>> redirect http code? I think the http code is 3xx. Instead of thinking of
>> big things like DNS cache poisoning, first make sure something under
>> your nose is missed.
> Say you are the hacker: you gain access to the real server, with
> privileges high enough to change apache config and restart the daemon.
> What is the point in redirecting users to your own server when you can
> gain access to user data (webmail login and password, then mailbox
> content) without anybody noticing?
> I think Franck has no idea what's going on, and he should really
> investigate, gather evidence and technical facts before we continue to
> enumerate every kind of possible compromise

In fact I do know what is going on! Some hackers grab login/passwd of
our users!

In the meantime we have completely reinstalled the extranet from scratch
on a new machine, passwords changed, etc. etc.

Now the webmail, which is "untouched", will serve to try to trap the "villain".

The "event" happens at every new school year (September); at this time
the "software" runs to grab passwds of naive users.

We have time to prepare "something", as we now know which machine
is the target.

The official User-To-User support forum of the Apache HTTP Server Project.

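The check suggested in the quoted reply above (look through the httpd configuration for Redirect and mod_rewrite rules, and through the access log for 3xx status codes), written out as an added example that is not part of the original thread. The configuration text, addresses and hostnames are constructed samples, the function names are hypothetical, and the log pattern assumes the Common/Combined Log Format.

```python
import re
from collections import Counter

# mod_alias / mod_rewrite directives that can send a client elsewhere.
DIRECTIVE_RE = re.compile(
    r"^\s*(Redirect(?:Match|Permanent|Temp)?|RewriteRule|RewriteCond)\b\s*(.*)$",
    re.IGNORECASE)
# Common/Combined Log Format: host ident user [time] "request" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "((?:[^"\\]|\\.)*)" (\d{3}) \S+')

def find_redirect_directives(conf_text):
    """Return (line_no, directive, args) for each uncommented directive."""
    hits = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE_RE.match(line)  # lines starting with '#' never match
        if m:
            hits.append((n, m.group(1), m.group(2).strip()))
    return hits

def count_redirect_responses(log_lines):
    """Count 3xx responses per (status, path); 304 is cache revalidation, not a redirect."""
    counts = Counter()
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        status = int(m.group(3))
        if 300 <= status < 400 and status != 304:
            parts = m.group(2).split()
            counts[(status, parts[1] if len(parts) > 1 else m.group(2))] += 1
    return counts

# Constructed sample input (not taken from the thread).
SAMPLE_CONF = """\
# Redirect /old http://example.invalid/
RewriteEngine On
RewriteRule ^/webmail/(.*)$ http://example.invalid/$1 [R=302,L]
"""
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Jul/2011:07:30:01 +0000] "GET /webmail/ HTTP/1.1" 302 215',
    '192.0.2.11 - - [13/Jul/2011:07:30:05 +0000] "GET /webmail/ HTTP/1.1" 302 215',
    '192.0.2.12 - - [13/Jul/2011:07:31:00 +0000] "GET /logo.png HTTP/1.1" 304 -',
    '192.0.2.13 - - [13/Jul/2011:07:31:09 +0000] "GET /index.html HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for n, name, args in find_redirect_directives(SAMPLE_CONF):
        print(f"conf line {n}: {name} {args}")
    for (status, path), hits in count_redirect_responses(SAMPLE_LOG).most_common():
        print(f"{hits:5d}  {status}  {path}")
```

Run the directive scan over the main configuration and every file it includes, plus any .htaccess files, since a rule can live in any of them.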