Start there. Then look at the news about the BIND vulnerability. Is your DNS recusrsive is the question you need to ask. If you were running a user box I'd be telling you to run hijack this and take a hard look at the results -- if you get totally stuck it can't hurt. It jst tells you what processes are running on the box and where your installation is non-standard. Where it is, you are fine if you did it and know why. If you don't... suspicion is high.
On Tue, Jul 29, 2008 at 7:38 PM, morchella <[EMAIL PROTECTED]> wrote: > actually.. > like 12 domains came up for renwal recently > think we got them all... > i hope > > On Tue, Jul 29, 2008 at 9:01 PM, Jim Davis <[EMAIL PROTECTED]> wrote: >>> On Tue, Jul 29, 2008 at 3:22 PM, morchella wrote: >>> > hey guys >>> > one of my it guys just noticed a seldom used domain is trying to >>> > install malicious stuff, and redirecting to ringtones . com >>> > >>> > boss wants me to figure out how. >>> > super slammed. >>> > so i just moved every thing into a sub folder and got ride of >>> allowing >>> > default pages other then .cfm >>> > in iis >>> > and then redirected the site to another of our sites, till i have >>> time >>> > to look through code... >> >> Maybe a silly question, but are you sure the bad information is actually >> coming from your server? >> >> Have you made sure that the domain wasn't poached (little used domains are >> sometimes forgotten when it comes time to pay the bills)? That the DNS >> entries still point to your server? >> >> You've probably already done this, but before you check your server always >> ensure that it's your server that actually needs checking. ;^) >> >> Jim Davis >> >> >> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Community/message.cfm/messageid:264953 Subscription: http://www.houseoffusion.com/groups/CF-Community/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.5
