in reply to Re: Perl's Chip Salzenberg Sued, Home Raided
in thread Perl's Chip Salzenberg Sued, Home Raided

And there I was surprised to find that they were running a freshly installed Mandrake 9.2 with bizarrely identical Apache configuration to mine:

Server: Apache-AdvancedExtranetServer/2.0.47 (Mandrake Linux/6.12.92mdk) mod_perl/1.99_09 Perl/v5.8.1 mod_xslt/1.0.5a mod_ssl/2.0.47 OpenSSL/0.9.7b DAV/2 PHP/4.3.2 Catacomb/0.8.0 mod_mono/1.0.5

They had taken a rather strange scorched earth approach to defending themselves from being slashdotted:

; <<>> DiG 9.2.3rc2 <<>> www.hmsonline.com any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59083
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 2

;; QUESTION SECTION:
;www.hmsonline.com.             IN      ANY

;; ANSWER SECTION:
www.hmsonline.com.      2525    IN      CNAME   mosquito.hmsonline.com.

;; AUTHORITY SECTION:
hmsonline.com.          2525    IN      NS      den-sns-02.inet.qwest.net.
hmsonline.com.          2525    IN      NS      phosphorus.hmsonline.com.
hmsonline.com.          2525    IN      NS      silicon.hmsonline.com.
hmsonline.com.          2525    IN      NS      dca-sns-01.inet.qwest.net.
hmsonline.com.          2525    IN      NS      den-sns-01.inet.qwest.net.

;; ADDITIONAL SECTION:
silicon.hmsonline.com.  2525    IN      A       67.132.206.14
phosphorus.hmsonline.com. 2525  IN      A       67.132.206.15

;; Query time: 17 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jul 1 11:46:29 2005
;; MSG SIZE rcvd: 226

[jonathan@orpheus mirror]$ dig mosquito.hmsonline.com a

; <<>> DiG 9.2.3rc2 <<>> mosquito.hmsonline.com a
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10447
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 2

;; QUESTION SECTION:
;mosquito.hmsonline.com.        IN      A

;; ANSWER SECTION:
mosquito.hmsonline.com. 2477    IN      A       127.0.0.1

;; AUTHORITY SECTION:
hmsonline.com.          2477    IN      NS      phosphorus.hmsonline.com.
hmsonline.com.          2477    IN      NS      silicon.hmsonline.com.
hmsonline.com.          2477    IN      NS      dca-sns-01.inet.qwest.net.
hmsonline.com.          2477    IN      NS      den-sns-01.inet.qwest.net.
hmsonline.com.          2477    IN      NS      den-sns-02.inet.qwest.net.

;; ADDITIONAL SECTION:
silicon.hmsonline.com.  2477    IN      A       67.132.206.14
phosphorus.hmsonline.com. 2477  IN      A       67.132.206.15

;; Query time: 8 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jul 1 11:47:17 2005
;; MSG SIZE rcvd: 224

He heh

/J\

Re^3: Perl's Chip Salzenberg Sued, Home Raided
by halley (Prior) on Jul 01, 2005 at 13:47 UTC
    And for those of us who don't read 'dig' output and Apache configurations in the same way that we read, say, an Agatha Christie novel, could you tell us the significance of these forensics?

    --
    [ e d @ h a l l e y . c c ]

      Er, the reason that it appeared the same as my Apache is because it was my Apache: www.hmsonline.com was at that point resolving to 127.0.0.1. It appears they may have put it back again now, however.

      /J\

      And in case it's still not clear, the address 127.0.0.1 points you back to your own machine.