Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition

["Jeff Plewes" <plewes () gmail com>]

To clarify on some facts:

- yes the box was burned (brand new hardware..  fresh install centos5,
minimal packages)..  Only the virtualhost data was migrated.
- updates done via yum package manager with default sources
- php compiled from source from ca3.php.net
- there are about 40 customers on this box with virtualhosts
- all machines behind the firewall on the public vlan are ours
- DNS is also housed by us..  1st and 2nd on Bind 9.

1) If restarting httpd temporarily(days) resolves the problem..  then
DNS is not the issue.
2) No proxy servers between client where problem is noticed and server
which is compromised.
3) If the problem existed before with another disto, php and apache
version....   then it must be customer data which can be exploited
remotely?

Time to go through each customer and find the offender.

-Jeff

On Jan 23, 2008 5:11 PM, Florian Weimer <fw () deneb enyo de> wrote:
> * Jeff Plewes:
>
> > This issue was happening on the same box when It used to be apache
> > 2.0.56, php 5.1.0 running redhat 9.  upgrading the distribution,
> > apache, php etc has so far not resolved the issue.
>
> It could be something afoul with the network on which the machine is
> located.  Have you check this?  For instance, does it provide proper L3
> separation among different customers?