Hi, Is there a tools that can check whether your suse box got hacked or not? It's suse enterprise 9. Whenever I tried to access my webpage hosted on suse box, I always get redirected to external website. It looked like someone has been intercepting the request. Hope anyone can give me some insight on how to get rid of this. Thks. __________________________________________________ Do You Yahoo!? Download the latest ringtones, games, and more! http://sg.mobile.yahoo.com
Did you try rkhunter ? From: Gary Saptaputra <garytas_dev@yahoo.com.sg> To: suse-security@suse.com Date: Monday, May 30, 2005, 4:52:47 PM Subject: [suse-security] url redirected Monday, May 30, 2005, 4:52:47 PM, you wrote:
Hi,
Is there a tools that can check whether your suse box got hacked or not? It's suse enterprise 9.
Whenever I tried to access my webpage hosted on suse box, I always get redirected to external website. It looked like someone has been intercepting the request.
Hope anyone can give me some insight on how to get rid of this.
Thks.
__________________________________________________ Do You Yahoo!? Download the latest ringtones, games, and more! http://sg.mobile.yahoo.com
Hi, On Mon, 30 May 2005 21:52:47 +0800 (CST) Gary Saptaputra <.> wrote:
Hi,
Is there a tools that can check whether your suse box got hacked or not? It's suse enterprise 9.
Check out the rkhunter tool [ http://www.rootkit.nl/ ]; being kindly provided also in rpm form by Patrick Shanahan (see recent list archi- ves): http://wahoo.no-ip.org/~pat/rkhunter-1.2.7-1.noarch.rpm http://wahoo.no-ip.org/~pat/rkhunter-1.2.7-1.src.rpm http://wahoo.no-ip.org/~pat/rkhunter-1.2.7.tar.gz You could try chkrootkit in addition, by downloading it directly from it's original site [ http://www.chkrootkit.org/ ] or simply rebuild the source rpm of 9.3: ftp://gd.tuwien.ac.at/opsys/linux/suse.com/suse/i386/9.3/suse/src/chkrootkit-0.44-3.src.rpm Hope, that your box is not corrupted and you just have e.g. few outdated entries in /etc/hosts. All the best, Pelibali
Gary, sorry if this sounds trivial, but did you try the simple potential reasons for a perceived redirection first ? - Check DNS resolution from the Client that gets "redirected" ( for example stale /etc/hosts entries ) - If you are in a company LAN ( behind a firewall ) look at your proxy settings in general and especially at the "no Proxy for" section of your browser config - use tcpdump/ethereal to look at what happens on the wire - can you rule out config errors of your webserver ? does it only redirect when accessed from the box itself, from a specific client or from any client ? Eric Gary Saptaputra wrote:
Hi,
Is there a tools that can check whether your suse box got hacked or not? It's suse enterprise 9.
Whenever I tried to access my webpage hosted on suse box, I always get redirected to external website. It looked like someone has been intercepting the request.
Hope anyone can give me some insight on how to get rid of this.
Thks.
__________________________________________________ Do You Yahoo!? Download the latest ringtones, games, and more! http://sg.mobile.yahoo.com
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- Eric Mueller EDS Operations Services GmbH Global IMDS Technology Management Eisenstr. 56, D-65428 Ruesselsheim, Germany phone : +49 6142 80 1218 http://services.mdsystem.com
participants (4)
-
e.mueller -
Gary Saptaputra -
John -
pelibali