curl-users

Re: Hacking / Hijacking / or OTHER ?

From: Botany <botany_at_strato.net>
Date: Fri, 23 Mar 2012 09:48:53 -0400

Bill, I certainly appreciate your detailed analysis. Your hypotheses and
conclusions are generally the same as the ones I had initially considered,
although yours are more authoritative and precise. The machine is a cloud
server which I created and configured. If the problem is within the server,
then I do have a problem! It may, however, be external, or semi-external,
like the "deliberate breaking of DNS" which you suggested. The machine is
somewhat highly configured, the DNS is hosted by the server provider, and
several third-party applications and extensions are running on it.

The reason I remain interested in this issue is because, as we well know,
malformed commands can sometimes be used to find security problems, and they
are often used by hackers to compromise systems.

An identical flavor base server I created on the same network does not
elicit the suspect output from the malformed curl commands. But this server
was not fully configured. I intend to use my backup images to restore the
server to progressively more recent stages of configuration, until I find
the point where the issue began, or determine that the issue emanates from
external sources ... if possible. This may take some time. I will post
what I find.

I fully realize that the suspect output is not directly related to cURL, but
merely tangentially so. It does, however, seem a very worthy mystery to
solve, one that may provide some diagnostic potential, or one that others
may accidentally encounter.

Once again, my sincere thanks for your generous and helpful assistance.

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-03-23