in reply to Perl's Chip Salzenberg Sued, Home Raided

I just went to Health Gestapo Science, to see who they were, and they refused connections. Uh oh.
I'm not really a human, but I play one on earth. flash japh
  • Comment on Re: Perl's Chip Salzenberg Sued, Home Raided

Replies are listed 'Best First'.
Re^2: Perl's Chip Salzenberg Sued, Home Raided
by gellyfish (Monsignor) on Jul 01, 2005 at 11:50 UTC

    And there I was surprised to find that they were running a freshly installed Mandrake 9.2 with bizarelly identical apache configuration to mine: 

    Server: Apache-AdvancedExtranetServer/2.0.47 (Mandrake Linux/6.12.92md
+k) mod_perl/1.99_09 Perl/v5.8.1 mod_xslt/1.0.5a mod_ssl/2.0.47 OpenSS
+L/0.9.7b DAV/2 PHP/4.3.2 Catacomb/0.8.0 mod_mono/1.0.5

    [download]
    They had taken a rather strange scorched earth approach to defending themselves from being slashddotted: 
    

; <<>> DiG 9.2.3rc2 <<>> www.hmsonline.com any
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59083
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 2
 
;; QUESTION SECTION:
;www.hmsonline.com.             IN      ANY
 
;; ANSWER SECTION:
www.hmsonline.com.      2525    IN      CNAME   mosquito.hmsonline.com
+.
 
;; AUTHORITY SECTION:
hmsonline.com.          2525    IN      NS      den-sns-02.inet.qwest.
+net.
hmsonline.com.          2525    IN      NS      phosphorus.hmsonline.c
+om.
hmsonline.com.          2525    IN      NS      silicon.hmsonline.com.
hmsonline.com.          2525    IN      NS      dca-sns-01.inet.qwest.
+net.
hmsonline.com.          2525    IN      NS      den-sns-01.inet.qwest.
+net.
 
;; ADDITIONAL SECTION:
silicon.hmsonline.com.  2525    IN      A       67.132.206.14
phosphorus.hmsonline.com. 2525  IN      A       67.132.206.15
 
;; Query time: 17 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jul  1 11:46:29 2005
;; MSG SIZE  rcvd: 226
 

[jonathan@orpheus mirror]$ dig  mosquito.hmsonline.com a
 
; <<>> DiG 9.2.3rc2 <<>> mosquito.hmsonline.com a
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10447
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 2
 
;; QUESTION SECTION:
;mosquito.hmsonline.com.                IN      A
 
;; ANSWER SECTION:
mosquito.hmsonline.com. 2477    IN      A       127.0.0.1
 
;; AUTHORITY SECTION:
hmsonline.com.          2477    IN      NS      phosphorus.hmsonline.c
+om.
hmsonline.com.          2477    IN      NS      silicon.hmsonline.com.
hmsonline.com.          2477    IN      NS      dca-sns-01.inet.qwest.
+net.
hmsonline.com.          2477    IN      NS      den-sns-01.inet.qwest.
+net.
hmsonline.com.          2477    IN      NS      den-sns-02.inet.qwest.
+net.
 
;; ADDITIONAL SECTION:
silicon.hmsonline.com.  2477    IN      A       67.132.206.14
phosphorus.hmsonline.com. 2477  IN      A       67.132.206.15
 
;; Query time: 8 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jul  1 11:47:17 2005
;; MSG SIZE  rcvd: 224

    [download]
    He heh

    /J\

[reply]
[d/l]
[select]
      And for those of us who don't read 'dig' output and Apache configurations in the same way that we read, say, an Agatha Christie novel, could you tell us the significance of these forensics?

      --
      [ e d @ h a l l e y . c c ]

[reply]

        Er, the reason that it appeared the same as my apache is because it was my apache, www.hmsonline.com was at that point resolving to 127.0.0.1. It appears they may have put it back again now however.

        /J\

[reply]
        And in case it's still not clear, the address 127.0.0.1 points you back to your own machine.
[reply]

In Section Meditations