[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Help with possible hacking of a VirtualHost

From: Bill Tangren <bjt aa usno navy mil>
To: redhat-list redhat com
Subject: Help with possible hacking of a VirtualHost
Date: Tue Jul 1 12:55:41 2003

I have a perplexing problem. I received an email this morning from some one who states that he was surfing my web site site1.com, when he received a portscan attack from site2.com. However, site2.com is a VirtualHost that is aliased to site1.com. This person told us because he said we might have been hacked. I immediately changed the root password.

Could someone tell me how this could have happened? If you do a lookup on site2.com, and then do a reverse lookup on that IP number, you see site1.com, not site2.com.

If I have been hacked, what should I look at? I don't see any obvious evidence in the logs, but I'm not sure I would.

TIA,

Bill Tangren

Follow-Ups:
- Re: Help with possible hacking of a VirtualHost
  - From: MKlinke
- Re: Help with possible hacking of a VirtualHost
  - From: Rick Warner

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]