On Saturday 31 January 2004 02:10, Andreas Jägermann wrote:
On Friday 30 January 2004 14:51, Andreas Jägermann wrote:
Is this a security problem at my site? How can I prevent this without limiting access to certain ip addresses? I'm using SuSE 8.0 with all patches applied.
Any hint is appreciated. Thanks in advance.
I'm guessing your user has spyware on his machine. If its windows he should try spybot search and destroy or adaware.
This was my first thought, too. But spybot and an additional virus scan did not produce any significant result.
If it is limited to that single user it would have to be somewhere on his end, or along the route to you. Perhaps a traceroute from his end would reveal something - maybey a caching proxy server between him and you. Also a netstat -an from his machine immediatly (within a second) of requesting a page on your site might reveal odd connections to some other site. If you ever figure it out besure to post here as this is quite interesting. -- _____________________________________ John Andersen