We have a similar problem on one of our co-location servers:
- centos5 i386
- apache 2.2.3-11.el5.centos (2.2.6 backport)
- php 5.2.5 (compiled from source)
The issue appears at random.. when it is present, a request to the
web server will respond with a redirect to a spyware or malware
download site. This will continue to redirect 10% of the traffic to
the box until httpd is restarted. The redirection script is not found
in any file on the server filesystem and believed to be injected into
the response stream via a compromised httpd process in memory.
This issue was happening on the same box when It used to be apache
2.0.56, php 5.1.0 running redhat 9. upgrading the distribution,
apache, php etc has so far not resolved the issue.
At this point we are upgrading to apache 2.2.3-11.el5.centos.3 (2.2.8
backport) in hopes that the recent security patches in this build
relating to XSS will solve the issue.
I would really like to find the source of the problem, though.
-Jeff
On 22 Jan 2008 00:55:30 -0000, <ponchovaldes@gmail.com> wrote:
Hello guys, we have a social network that is getting stronger, but we are
having an issue.
And the issue is that Sometimes... our page redirects to another Portal,
actually the page that redirects is our first competition,here in Latino
America, i know that they are causing that kind of mess.. so we thought in
this.
- We know that our DNS server is ok, and havent been compromised,
- DNS cache poisoning
- Malware ?
- some kind of virus that the guys(bad) made. ( the other portal - social
network-)
- Other soolution? sue them?
HElp guys.. this thing is taking out alot of users :(
thanks in advance!
Cheers from México
