Re: [users@httpd] Re: phishing problem

2011-07-13 Thread Frank Bonnet
On 07/13/2011 12:53 PM, Patrick Proniewski wrote: On 13 Jul. 2011, at 12:18, Ashwin Kesavan wrote: There are huge benefits of doing this if I were a hacker. First I don't invoke the suspicion of the admin. B'cos I am making minimal changes to config server, so that I delay his notice. Then by

Re: [users@httpd] Re: phishing problem

2011-07-13 Thread Patrick Proniewski
On 13 Jul. 2011, at 12:18, Ashwin Kesavan wrote: > There are huge benefits of doing this if I were a hacker. First I don't invoke > the suspicion of the admin. B'cos I am making minimal changes to config > server, so that I delay his notice. Then by diverting to my website I have > the huge adva

RE: [users@httpd] Re: phishing problem

2011-07-13 Thread Ashwin Kesavan
Answers inline -Original Message- From: Patrick Proniewski [mailto:patrick.proniew...@univ-lyon2.fr] Sent: Wednesday, July 13, 2011 12:54 PM To: users@httpd.apache.org Subject: Re: [users@httpd] Re: phishing problem On 13 Jul. 2011, at 07:23, Ashwin Kesavan wrote: > And make sure

Re: [users@httpd] Re: phishing problem

2011-07-13 Thread Frank Bonnet
On 07/13/2011 09:23 AM, Patrick Proniewski wrote: On 13 Jul. 2011, at 07:23, Ashwin Kesavan wrote: And make sure it is not a case access to your server having httpd is compromised? Look through the apache httpd conf files and its included files and look for the parameter redirect. or so

Re: [users@httpd] Re: phishing problem

2011-07-13 Thread Patrick Proniewski
On 13 Jul. 2011, at 07:23, Ashwin Kesavan wrote: > And make sure it is not a case access to your server having httpd is > compromised? Look through the apache httpd conf files and its included files > and look for the parameter redirect. or some url rewrite rule through > mod_rewrite rules

Re: [users@httpd] Re: phishing problem

2011-07-12 Thread Edgar Frank
On 12.07.2011 21:40, Frank Bonnet wrote: I think effectively users' requests have been redirected to the hacked servers ... Checked the access logs? If it's another server issuing the requests you could notice by the request IP addresses. Otherwise, use only a HTTPS login - don't offer

RE: [users@httpd] Re: phishing problem

2011-07-12 Thread Ashwin Kesavan
Answers inline -Original Message- From: Patrick Proniewski [mailto:patrick.proniew...@univ-lyon2.fr] Sent: Wednesday, July 13, 2011 2:34 AM To: users@httpd.apache.org Subject: Re: [users@httpd] Re: phishing problem On 12 Jul. 2011, at 21:40, Frank Bonnet wrote: > I think effective

Re: [users@httpd] Re: phishing problem

2011-07-12 Thread Patrick Proniewski
On 12 Jul. 2011, at 21:40, Frank Bonnet wrote: > I think effectively users' requests have been redirected > to the hacked servers ... so it's not a phishing, it's more like a man-in-the-middle, or a DNS cache poisoning... The only way for you to know what happens is to act as victims do (doin

Re: [users@httpd] Re: phishing problem

2011-07-12 Thread Frank Bonnet
I think effectively users' requests have been redirected to the hacked servers ... I wonder how they do that because users access directly to those servers ... they do not click in a fake email or anything like that, those servers are well known to our users, the extranet and one webmail hac