Hi,
Is there a tools that can check whether your suse box got hacked or not? It's suse enterprise 9.
Whenever I tried to access my webpage hosted on suse box, I always get redirected to external website. It looked like someone has been intercepting the request.
Hope anyone can give me some insight on how to get rid of this.
Thks.
__________________________________________________ Do You Yahoo!? Download the latest ringtones, games, and more! http://sg.mobile.yahoo.com
Did you try rkhunter ?
From: Gary Saptaputra garytas_dev@yahoo.com.sg To: suse-security@suse.com Date: Monday, May 30, 2005, 4:52:47 PM Subject: [suse-security] url redirected
Monday, May 30, 2005, 4:52:47 PM, you wrote:
Hi,
Is there a tools that can check whether your suse box got hacked or not? It's suse enterprise 9.
Whenever I tried to access my webpage hosted on suse box, I always get redirected to external website. It looked like someone has been intercepting the request.
Hope anyone can give me some insight on how to get rid of this.
Thks.
Do You Yahoo!? Download the latest ringtones, games, and more! http://sg.mobile.yahoo.com
Hi,
On Mon, 30 May 2005 21:52:47 +0800 (CST) Gary Saptaputra <.> wrote:
Hi,
Is there a tools that can check whether your suse box got hacked or not? It's suse enterprise 9.
Check out the rkhunter tool [ http://www.rootkit.nl/ ]; being kindly provided also in rpm form by Patrick Shanahan (see recent list archi- ves): http://wahoo.no-ip.org/%7Epat/rkhunter-1.2.7-1.noarch.rpm http://wahoo.no-ip.org/%7Epat/rkhunter-1.2.7-1.src.rpm http://wahoo.no-ip.org/%7Epat/rkhunter-1.2.7.tar.gz
You could try chkrootkit in addition, by downloading it directly from it's original site [ http://www.chkrootkit.org/ ] or simply rebuild the source rpm of 9.3: ftp://gd.tuwien.ac.at/opsys/linux/suse.com/suse/i386/9.3/suse/src/chkrootkit-0.44-3.src.rpm
Hope, that your box is not corrupted and you just have e.g. few outdated entries in /etc/hosts.
All the best, Pelibali
Gary,
sorry if this sounds trivial, but did you try the simple potential reasons for a perceived redirection first ?
- Check DNS resolution from the Client that gets "redirected" ( for example stale /etc/hosts entries ) - If you are in a company LAN ( behind a firewall ) look at your proxy settings in general and especially at the "no Proxy for" section of your browser config - use tcpdump/ethereal to look at what happens on the wire - can you rule out config errors of your webserver ?
does it only redirect when accessed from the box itself, from a specific client or from any client ?
Eric
Gary Saptaputra wrote:
Hi,
Is there a tools that can check whether your suse box got hacked or not? It's suse enterprise 9.
Whenever I tried to access my webpage hosted on suse box, I always get redirected to external website. It looked like someone has been intercepting the request.
Hope anyone can give me some insight on how to get rid of this.
Thks.
Do You Yahoo!? Download the latest ringtones, games, and more! http://sg.mobile.yahoo.com
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-
e.mueller -
Gary Saptaputra -
John -
pelibali