RE: Possible hack? Images replaced on proxy server

The no cache metatag will work some of the time, but IE 5.x browsers had some issues with caching, and some times don't recognize the tag at all. For .net Response.Expires = -1; will insure that caching won't occur even if the user has their browser set to always load from cache. I think in ASP it's similar, but it's been a couple years since I've worked with it.

The no cache is a quick-fix, however it will needlessly increase your bandwidth usage, and your clients. As long as the images are ok on your side it's really not your problem. You should contact the Admin of the proxy in question, and let him know what's going on. Talking to your boss, and CC'ing him will also help you cover your ass. Good luck,

Stephen Savage

-----Original Message-----
From: David Hodges [mailto:dhodges@outermost.com] Sent: February 9, 2003 12:34 PM
To: webappsec@securityfocus.com
Subject: Possible hack? Images replaced on proxy server

I am responsible for several ASP and ASP.Net web sites that are hosted at
an independent ISP. These sites were developed for a corporate client which
has its own corporate network and firewall, completely separate from the

ISP where these sites are hosted.

The other day, an employee of this corporation was surfing our site from

within the corporate firewall and found one of our images was coming up as
a porn image! Another employee was able to verify this.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Then we found that other images were coming up with no content, or as horizontal bars of color.

These problems are not occurring outside the corporate firewall; and the
source images, on the server at the ISP, are fine. Only people behind this
firewall see these bad images.

I suspect someone has hacked the corporate proxy server but I have no way
to know for sure. I am in somewhat of a panic because naturally it does not
reflect well on my little company to have porn images coming up on sites we
develop.

I renamed the image in question and changed the IMG tag in the html, which
fixed the problem for the time being. But I am worried about future.

Would a META HTTP-EQUIV="Pragma" CONTENT="no-cache" tag help?

What else can I do to prevent this, and, what can be causing this?

Thanks,
David Received on Sun Feb 9 12:17:24 2003