Atlanta Data Center Website Hacked?

Ubuntu users, can you visit http://atlantanap.com?

On Windows and Mac we see the site just fine, but on (3) Ubuntu machines, (2) different networks, and Chrome or Firefox, we see Cialis ads.

http://pastebin.com/ccsNwv3f

6 Replies

@Guspaz:

snip

1. Linode servers are there, so it would be a concern.

2. This forum has Linux users, so it would be a good sounding board.

But thanks for the help.

It appears to depend on the User-Agent sent with the request.

`curl -i website` reveals pages of ad text,

while `curl -A "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" -i website` does not.

I don't know if that means they have been "hacked" but it is an interesting thing nonetheless.

I did more investigating; those ads are only displayed if the User-Agent contains the word "linux".

Yeah, I see the same with Fedora 15 and Firefox 6. When I switch UA to IE 8, it disappears.

I bet it's hacked.

Thanks for the verification, guys!

Those are some funky doctype and namespace declarations at the top. Looks like s/xhtml/atlanta/g. Any idea why that would ever happen?
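Added example, not written by any poster in this thread: a repeatable version of the `curl -A` comparison above, which fetches one URL under several User-Agent strings and flags bodies that diverge from a baseline. The names `cloaking_report`, `DemoHandler` and `run_demo` are hypothetical, the Firefox and curl strings are constructed samples, and the local server is a constructed stand-in so the check runs offline.

```python
import difflib
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# MSIE string is the one quoted in the thread; the other two are constructed samples.
AGENTS = {
    "msie6-windows": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
    "firefox-linux": "Mozilla/5.0 (X11; Linux x86_64; rv:6.0) Gecko/20100101 Firefox/6.0",
    "curl-linux": "curl/7.21.0 (x86_64-pc-linux-gnu)",
}
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # direct, no proxy

def fetch(url, user_agent, timeout=10):
    """Return the response body for url when requested with the given User-Agent."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with OPENER.open(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")

def cloaking_report(url, agents=AGENTS, baseline="msie6-windows", threshold=0.9):
    """Fetch url once per User-Agent and flag bodies that diverge from the baseline."""
    bodies = {name: fetch(url, ua) for name, ua in agents.items()}
    sim = {name: difflib.SequenceMatcher(None, bodies[baseline], body).ratio()
           for name, body in bodies.items()}
    return {name: {"similarity": round(r, 2), "differs": r < threshold}
            for name, r in sim.items()}

class DemoHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for the behaviour reported: extra text only for 'linux' UAs."""
    def do_GET(self):
        body = "<html><body><h1>Data center</h1></body></html>"
        if "linux" in self.headers.get("User-Agent", "").lower():
            body += "<div>" + "injected ad text " * 20 + "</div>"
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.end_headers()
        self.wfile.write(body.encode())
    def log_message(self, *args): pass  # keep the demo quiet

def run_demo():
    """Serve DemoHandler on a free local port and run the report against it."""
    with HTTPServer(("127.0.0.1", 0), DemoHandler) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            return cloaking_report(f"http://127.0.0.1:{server.server_port}/")
        finally:
            server.shutdown()

if __name__ == "__main__":
    print(run_demo())
```

On pages with legitimately dynamic content (timestamps, rotating banners) small differences are normal, so treat a low similarity score as a prompt to diff the two bodies by hand.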
