Date: Tue, 07 Mar 2000 15:01:00 -0800 (PST)
From: "Nicole Harrington." <nicole@unixgirl.com>
To: isp-tech@isp-tech.com, freebsd-isp@freebsd.org
Subject: Apache Hacking and Apparent Spoofing Problem
Message-ID: <XFMail.000307150100.nicole@unixgirl.com>

Greetings all,

I have two Apache-related questions.

Q1) The first one is that I have a customer whose server was/is getting hundreds of lines like:

    www.joelpass.com -> /oops.html

in the referer log. The oops page means they entered a bad passwd for entrance to the pay x-rated site on the server. All of this seems somewhat normal except the lack of httpd:// and the fact that there is no such domain as joelpass.com.

So how is someone doing this? I.e., how do they get the referer to show this fake ID? I thought it was DNS based. DNS poisoning? They don't use their own DNS, they use a major internet provider's DNS.

EX:

    http://start.at/mega -> /~mega
    http://www.sterndevelopments.com/rankem/index.html -> /DGC.html
    http://search.yahoo.com/bin/search?p=hardcore -> /index.html
    http://start.at/mega -> /~mega/index.html
    http://profiles.yahoo.com/solacedenied_joel -> /index.html
    www.joelpass.com -> /oops.html
    www.joelpass.com -> /oops.html

Q2) It seems that there is a website that is hacking into pay X-rated sites and providing free access to them via a click-through on their system, and they are the ones responsible for the above. They seem to be offshore and their click-through referring sites seem to come from all over. Is there any way to stop them?

(I like porn, but I also work for several pay sites that are getting hit pretty hard by these asses. Their password guessing has created huge bandwidth spikes, and if they guess one the site instantly becomes swamped.)

Any help would be greatly appreciated.

Nicole

nicole@unixgirl.com            http://www.unixgirl.com/
webmistress@dangermouse.org    http://www.dangermouse.org/

-- Powered by Coka-Cola and FreeBSD --
-- Strong enough for a man - But made for a Woman --
-- Microsoft: What bug would you like today? --
-- As a computing professional, I believe it would be unethical for me to advise, recommend, or support the use (save possibly for personal amusement) of any product that is or depends on any Microsoft product. --
-- OWNED? MS: Who's Been In Your Computer Today?
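
The log excerpt quoted in the message, run through a small check (an added example, not part of the original post): the Referer value is a request header sent by the client and logged as received, so the script flags referers that are not absolute URLs and counts hits on the failed-login page per referer. `THRESHOLD` and the function names are assumptions.

```python
from collections import Counter
from urllib.parse import urlsplit

# Log lines copied from the message above (format: "referer -> path").
SAMPLE_LOG = """\
http://start.at/mega -> /~mega
http://www.sterndevelopments.com/rankem/index.html -> /DGC.html
http://search.yahoo.com/bin/search?p=hardcore -> /index.html
http://start.at/mega -> /~mega/index.html
http://profiles.yahoo.com/solacedenied_joel -> /index.html
www.joelpass.com -> /oops.html
www.joelpass.com -> /oops.html
"""
FAILED_LOGIN_PAGE = "/oops.html"  # page served after a bad password, per the message
THRESHOLD = 2                     # assumption: tune to the site's normal traffic


def parse_line(line):
    """Split 'referer -> path' into a tuple; return None for malformed lines."""
    referer, sep, path = line.strip().rpartition(" -> ")
    if not sep or not referer or not path:
        return None
    return referer, path


def is_wellformed_referer(referer):
    """Browsers send an absolute URL; a bare hostname has no scheme or netloc."""
    parts = urlsplit(referer)
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def analyze(log_text, threshold=THRESHOLD):
    """Return (malformed referer counts, referers with >= threshold failed logins)."""
    malformed, failed = Counter(), Counter()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        referer, path = entry
        if not is_wellformed_referer(referer):
            malformed[referer] += 1
        if path == FAILED_LOGIN_PAGE:
            failed[referer] += 1
    noisy = {r: n for r, n in failed.items() if n >= threshold}
    return dict(malformed), noisy


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```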