August 25, 2011
Sometimes I'm so tempted to do this: Block China Web Traffic IP Addresses and Chinese Hackers.
Of course if everyone blocked everyone else indiscriminately that would go against the spirit of the Internet.
What's needed is for the ISPs to get off their lazy and greedy butts and block attacks at their sources.
Certainly a bunch of zombies (unwitting users with infected machines) will be caught in the dragnet too, but they can be contacted and urged to clean up their machines before they're allowed back on.
It'll be good for us, it'll be good for them, it'll be good for the Internet.
August 14, 2011
To the couple of visitors of this website, I'm sorry for the 2-day outage earlier this week. It was a DDOS (distributed denial of service) attack and I never found out who was behind it and why.
The problem started in the early morning hours with an outage alert from the remote monitoring service. The site was down and the server wasn't even responding to SSH login. Jumping directly on the server, I could already tell something was wrong by the loud sound of the fan. Indeed the load was in the 40's when it usually hovers around 0.25 and inbound traffic utilization was at saturation levels.
Realizing that I've been wrong on blaming server issues on attacks, I did what every server admin does at the first sign of trouble: reboot. No dice, the server load soon went sky-high again. So I blocked outside connections to apache and started running some simple tests to check the server health. CPU, RAM and IO checked out fine under some local test load. No, this was something else. The logs finally indicated the problem:
-- possible SYN flooding on port 80. Sending cookies.
Looking at the connections (using netstat), there were hundreds of SYN_RECV records hanging around from various IP's. Obviously the server was under a SYN flood DDOS attack. Using iptables to block the offending IP's was no help. Most likely the ip addresses were fake and combating them was like fighting a tidal wave.
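The netstat check described above, as an added example that is not part of the original post: it parses `netstat -nt` style output (the sample below is constructed), counts half-open SYN_RECV connections per local port and per remote source, and notes when the sources look spoofed, the situation in which per-IP blocking will not help and the kernel's SYN cookies are the defence that actually applies.

```python
"""Spot a SYN flood in `netstat -nt` output by counting SYN_RECV entries.
Added example, not code from the original post. The netstat sample is
constructed; the column layout assumed is the Linux one:
Proto Recv-Q Send-Q Local Address Foreign Address State."""
from collections import Counter

# Constructed sample: four half-open connections to port 80 from four
# different sources, one to port 443, and two healthy sessions.
SAMPLE_NETSTAT = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 203.0.113.10:80         198.51.100.7:51234      ESTABLISHED
tcp        0      0 203.0.113.10:80         192.0.2.55:1025         SYN_RECV
tcp        0      0 203.0.113.10:80         192.0.2.56:1026         SYN_RECV
tcp        0      0 203.0.113.10:80         192.0.2.57:1027         SYN_RECV
tcp        0      0 203.0.113.10:80         192.0.2.58:1028         SYN_RECV
tcp        0      0 203.0.113.10:22         198.51.100.9:40000      ESTABLISHED
tcp        0      0 203.0.113.10:443        192.0.2.59:1029         SYN_RECV
"""


def parse_netstat(text):
    """Yield (local_port, remote_ip, state) for every tcp line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # header lines and non-TCP sockets
        local, remote, state = fields[3], fields[4], fields[5]
        yield local.rsplit(":", 1)[1], remote.rsplit(":", 1)[0], state


def syn_recv_summary(text):
    """Return (per_port, per_source) Counters of SYN_RECV entries."""
    per_port, per_source = Counter(), Counter()
    for port, ip, state in parse_netstat(text):
        if state == "SYN_RECV":
            per_port[port] += 1
            per_source[ip] += 1
    return per_port, per_source


def flood_suspected(text, threshold=3):
    """Return (flooded_ports, spoof_like).

    flooded_ports: local ports with at least `threshold` half-open
    connections (a real threshold would be in the hundreds; 3 fits the
    sample). spoof_like: the half-open entries come from many distinct
    sources with one entry each, the signature of randomized/spoofed
    source addresses, where blocking by IP is futile and the kernel's
    SYN cookies (net.ipv4.tcp_syncookies, the "Sending cookies" message
    in the post) are what keeps the listen queue usable.
    """
    per_port, per_source = syn_recv_summary(text)
    flooded = sorted(p for p, n in per_port.items() if n >= threshold)
    spoof_like = len(per_source) >= threshold and max(per_source.values()) == 1
    return flooded, spoof_like


if __name__ == "__main__":
    ports, spoofed = flood_suspected(SAMPLE_NETSTAT)
    print("half-open flood on ports:", ports, "| spoofed sources:", spoofed)
```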
The attack continued throughout the day with no relief and finally in the evening I contacted my ISP to see if they could rescue me. I didn't have much hope, but I almost lost it when the technician asked: "Huh? You have a sink flow attack? Could you spell that?" So much for tech support.
My best option was to lay low and take the abuse and hope the attacker(s) will get bored and move on. And that's exactly what they did. Almost as fast as it started, the attack stopped in the wee hours of the second day and I could finally bring the server back online.
Moral of the story, DDOS attacks are tough enough to combat for big shops. Small guys like me don't stand a chance against them. The best solution is to wait them out and hope the attacker moves on. Also small sites aren't lucrative enough to get expert support from their ISP's. The best that can be hoped for is to ask the ISP for a new set of IP's and still there's no certainty that'll stop the attackers.
As for the attacker(s) and their intent, it remains a mystery. Perhaps it was a script kiddie rolling through a bunch of victim hosts, or someone testing an attack platform or algorithm, or a mistake specifying a domain or IP in the attack vector. This site is just too small for bragging rights or boosting egos. There are much tastier targets out there for attackers to prove their expertise and flaunt their skills. Then again why use your smarts to attack sites instead of doing something constructive?
June 6, 2011
My admiration to Google for standing up for what's right. Even in the face of Chinese retaliation, Google has gone public with the revelation that the hacking activity of Gmail accounts had a Chinese connection.
The allegations are as of yet uncorroborated, but Google deserves much credit for standing up to China when there's evidence of wrong-doing.
We'll see how far Google is willing to go on this issue before it permanently damages its prospects in China. But for me, Google's stance has elevated its stature and image.
China paper warns Google may pay price for hacking claims - Technology & science - Security - msnbc.com.
December 14, 2010
Today, out of curiosity, I downloaded the hacked Gawker files from The Pirate Bay. I'm not sure if I broke any laws by doing that, but I was only interested in checking out their PHP source files. You can learn a lot by looking at production code other than your own.
While my intentions were harmless, I'm sure many others downloaded the files for more sinister purposes. I was blown away by the size and scope of the membership file dumps. There are thousands and thousands of records of login names, passwords and emails. One of the first things the bad guys will do is to try breaking into the members' bank accounts, email accounts, and Facebook, Twitter, Amazon, and eBay accounts since many tend to use the same password everywhere online.
I hope people change their passwords quickly enough to mitigate the damage from the criminals, but there is one damage that will be hard to contain, and that is the sheer number of valid emails that spammers will promptly exploit.
Granted, most emails appear to mysteriously land in spammers' databases almost as soon as they're created. Nevertheless, even those users who guard their emails tooth and nail, had better be ready. If they had a Gawker account, they will be getting valuable offers from a number of spammers real soon.
May 16, 2010
The email came at night, but it wasn't completely unexpected. In a terse missive, Amazon accused me of violating their Terms of Service (TOS) and terminated my account. Reasons given: copying pages and links to other sites and search engines. In other words spamming other sites with specific Amazon links tagged with my id to collect commissions.
I have operated my two sites (hashemian.com and padfly.com) for over a decade with a couple of different associate and affiliate programs. I probably have too many ads on my pages, but I have been careful to stay on the ethical and moral side of the fence. Fairness and respect to my visitors have always trumped making a quick buck or a large sum for that matter. Good reputation is worth way more to me than money.
I have never copied a page nor parts nor links containing my Amazon account data anywhere outside of my own sites - never, not even once. There have also been no schemes to push any links onto search engines. My sites are crawled and pages are indexed normally by search engines. But Amazon simply accused me of being unethical and took punitive steps.
So how did I know that I'd be receiving a termination notice from Amazon at some point? This past Christmas season there was a marked increase in sales and therefore higher commissions in my Amazon account. I attributed that to the season, luck and some validation after years of being online. As months rolled on, the sales continued to stay positive and I became certain that Amazon would not be pleased and they would eventually pull the plug.
For a long time I have suspected that Amazon disapproves of any associate who wields too much selling power. Such an associate can materially influence sales numbers and that's not welcome news to Amazon. So Amazon has created a clever TOS for its associates program that allows them to terminate anyone at anytime. Why even have a TOS when the program is free? That protects Amazon against possible lawsuits such as those for discriminatory practices. The TOS rules are nitpicky enough that at no time are any of their associates in complete compliance. One link appearing on another site is enough to violate the TOS. I'm certain that I was in violation since day one. But it took them 6 years to suspend my account.
As long as the associates make paltry earnings from the program, Amazon is willing to let the violations slide. But when an associate surpasses certain figures, then a quick notice of TOS violation is given and the associate is terminated. No one but Amazon knows what those figures are and how they are applied, but they do exist and they are applied. And that's how I was terminated from Amazon associates.
The most damaging part of the notice to me was the accusation of being unethical, just a simple and cold assault on my reputation. Now, I realize that no one cares about my situation and people would just dismiss this as another scammer's rant. I don't mind. People don't know me, so why should they believe my story?
But people should at least believe this part. As a part of my account termination, Amazon also seized all commissions earned. They would also continue to keep future commissions from any sales related to my links. It's not much money, but if these were indeed ill-gotten gains, then a responsible company and an ethical corporate citizen would not keep them nor would they keep any profits from the sales. They would at the least donate them to a good cause. A charity for fighting hunger and poverty, educational programs for under-privileged children, or organizations combating diseases such as cancer. Instead, Amazon simply and silently pockets the money for itself.
If cops busted a suspected drug dealer, is it right for them to kill him and pocket whatever money they found on him? Is it OK if they sold the rest of his stash on the streets and kept the profits? It's an exaggerated comparison, but I don't think that would be right. I don't know, maybe I have a warped perception of ethics.
March 25, 2009
A couple of years ago a few sites started collecting answers to a few personal questions. The idea was to strengthen security by integrating a few personal questions to the authentication process. It also would help unlock accounts in case users forgot their passwords. After all the questions were private enough that only the account owner would know the answers.
Nowadays it seems like every site is requesting personal and private information as a means of beefing up security. But I wonder if the security proposition is any longer valid.
You've seen these questions before:
- What is your mother's maiden name?
- What is your favorite pet name?
- What street did you grow up on?
- What was the name of your elementary school?
- What city were you born in?
- What was your first car model?
With so many sites storing so much personal information about you, is your privacy and security any longer assured? What guarantees do you really have that these responses will remain private and out of reach of prying eyes? Who knows what kinds of people have access to these responses. Are the responses encrypted? Are they shielded from the companies' personnel? Are they safe from hackers and snoops? Besides how secure can these responses be when so many people choose to reveal personal information on their blogs, forums, or Facebook accounts?
Most likely these responses are given less protection than login names and passwords as they are generally the second line of defense in authenticating users. Once site operators have access to these private responses, it won't be too difficult for one bad apple to use them to gain access to your other accounts. Some guesswork and social engineering is involved, but since when has that stopped determined account thieves?
Maybe I'm just too paranoid, but it seems to me that the enhanced security gained through personal responses is just an illusion and the convenience of password recovery is not worth the risk. In fact it may be worse than just the traditional login and password. At least you are not giving away personal details about your life to some faceless site. Nor will your accounts be compromised on the basis of a few answers which may be easily obtained on Google.
web security,hacking,authentication,passwords
August 28, 2008
While programming is my main focus at my company, one of my side jobs at work is networking. I have no complaints as I'm curious and interested in the inner workings of computer networks. Our IT department handles most of the networking tasks, but I usually find myself getting involved in setting up connectivity in the company. Whether it's a firewall, a router, a reverse proxy, or a DNS server, I find the networking field too fascinating to ignore.
That's why when the latest DNS vulnerability, discovered by Dan Kaminsky, came to light in April 2008, I began investigating our DNS servers to determine the risk factors. Dan's site contains a simple tool to assess the risk and it identified all of our caching DNS servers as vulnerable. A patch from Microsoft took care of our Windows-based DNS servers, but there was also a Fedora server in the mix running an old version of BIND that needed attention. Patching that server would have required upgrading to a newer version of Fedora.
I knew I could buy some time using the safety-in-numbers logic, but today I finally decided to tackle that server and plug the hole. My intention was to install the newest version of Fedora (version 9) on new hardware and then add a patched version of BIND on top. BIND is a great name server product but it has a large footprint that seems like overkill as a caching server. There are several other free DNS products out there so I began to look for an alternative.
My search eventually led me to PowerDNS (PDNS) and I decided to give that product a try. After installing Fedora 9 on the server, I downloaded the latest RPM of PDNS and promptly installed it on the server. PDNS comes in two flavors: the authoritative version and the caching version, known as Recursor, which is the one I was interested in. The install was a breeze and the configuration was as easy as importing some of the data from the old BIND server and making some quick edits to the recursor.conf file. A server restart to make sure everything was in order, and I had the new caching server up and running, resolving names.
PDNS has been free of the DNS cache poisoning vulnerability for a few years now, and Dan's site confirmed that the new server was indeed running at much safer levels.
There is little doubt that the bad guys are hard at work to poison as many DNS servers as they can get their hands on. If your unpatched servers haven't been targeted yet, it's only a matter of time before they are. Whatever method or product you use to avert this risk, the sooner you do it, the better. As a quick alternative, you can use one of several free and already safe services like the one offered by OpenDNS.com as direct name servers or as forwarders on your caching servers.
dns,dns vulnerability,dns hack,fedora,bind,powerdns,opendns,networks,named
December 13, 2007
Like most people who have a Web site I check my site's ranking on Google SERPs (Search Engine Results Pages) from time to time. It's striking how much of a Website's life depends on Google. That's particularly true with smaller sites whose lifeblood is the traffic Google sends their way. But even bigger sites would suffer severely if their pages suddenly lost ranking in Google. Sure there are other search engines like Yahoo and MSN, but enough about those.
And so when a couple of days ago I noticed that my site had a noticeable drop in traffic, the first place I looked for diagnosis was Google. Sure enough, my site's pages were either non-existent or had dropped considerably in ranking. I know that compared to other sites, my traffic is but a drop in a proverbial bucket, but even so the realization of lost ranking made me concerned. I can only imagine how those people, whose living is tied to their traffic, may feel when Google starts to snub their sites. The results could be devastating.
Had I violated any one of Google's quality guidelines? Had I engaged in any activity that might have blacklisted my site? I was stumped. I hadn't made any design changes to the site that I could recall. I even tested my site for unintended search engine spamming using a couple of different online tools. One claimed I had hidden text on my pages. They were light-colored timestamps on a colored background. Just for insurance I changed them to a darker color. It also caught what it regarded as keyword stuffing. The culprit turned out to be whitespace characters ( ) with missing trailing semi-colons. So at least I got to fix this error on my site, and then I just moved on.
Today, inexplicably my site's ranking in Google SERPs seems to be back where it used to be. Could this have been the result of those minor changes? I don't think so. Most likely, the drop was due to some temporary event in Google's algorithm.
What's alarming is that Google is not just influential, but it's vital to so many. Where can one go to if they are unfairly treated? Who will listen? This is not a paid service, there are no SLAs (Service Level Agreements), contracts, or even tenuous promises. Mine is just a hobby site. Being present in Google is great, but I'd still be doing this even if my site wasn't included. I don't think my attitude would be the same if I were making a living off my site.
I can appreciate that Google has the enormous task of separating the good sites from the bad. But with that much power and reach, it is inevitable that many innocent sites will be inadvertently punished. Consider how things would be if there were only one powerful and unregulated credit agency with two marginal ones, instead of the three with equal standings today.
google,search engines,seo,serp,spam,page ranking
July 15, 2007
Sites, especially news-related or educational ones, usually cram their homepages with links to various sections and freshly updated pages. In that regard those homepages are portals into the rest of their respective sites where the real content resides.
That's all fine and good until they display links from those sections that the site maintains little control over. Forums, for example, are one of these notorious areas trolled by spammers and jokers. The problem is that by nature they are supposed to be democratic. Pre-moderated forums generally suffer from anemic posts and little lively action. On the flip side, unmoderated or post-moderated forums spur real-time discussions, but invite nuisance posts.
This is depicted in the image grab from the homepage of devx.com, a development site frequented by programmers and, in this instance, linking to a prankster's or a spammer's post in one of their forums. The offending post was removed at some point, but the orphaned link remained on the homepage until it was pushed out by newer links.
homepages,forums,spam posts
May 13, 2007
A few days ago in a blog entry I touched upon how search engine gamers had been able to use trusted domains and the 302 redirect trick to fool search engines into giving them higher rankings. That window of opportunity is all but closed now, but scammers still use the redirect hack to aid them in their phishing expeditions. They are able to foist their tricks on their unsuspecting victims using two main avenues consisting of spam emails and spam posts.
Suppose you receive an email with the following embedded URL:
http://www.ygdte682hdfajh1a.com/offer.htm?url=http://example.com
Would you click on this link? Most likely not, and nor will many others. You just can't tell who that weird URL belongs to, so you would skip over it. Now consider the following URLs:
http://froogle.google.com/%66%72%6F%6F%67%6C%65%5F%75%72%6C?%71=%68%74%74%70%3A%2F%2F%31%39%32%2E%30%2E%33%34%2E%31%36%36
http://www.aol.com/%72%65%64%69%72%2E%61%64%70?%5F%75%72%6C=%68%74%74%70%3A%2F%2F%31%39%32%2E%30%2E%33%34%2E%31%36%36
http://cgi1.ebay.com/aw-cgi/ebayISAPI.dll?RedirectEnter&loc=http://us.ebayobjects.com/2c;47586106;12593038;l?%68%74%74%70%3A%2F%2F%31%39%32%2E%30%2E%33%34%2E%31%36%36
Notice how the URLs indicate domains from Google, AOL, and eBay. Some people may still be skeptical about clicking, but others may not be so paranoid. After all those domains emanate from highly trusted sources. The URLs contain some encoded data, but we are all accustomed to seeing long URLs on various sites, and might attribute that to strong security.
This is no trick. Those pages are indeed legitimate pages from well-known sites. But they are specially crafted pages to redirect users to other destinations. They were most likely designed to be used by their respective sites themselves and for other legitimate uses from the outside. But in this case they were hijacked to gain users' confidence prompting them to dutifully click on them. For these samples, users are safely redirected to example.com, but they could have been redirected to a wicked phishing site instead.
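One way to see through these links, as an added example that is not from the original post: percent-decode the link (repeatedly, since lures are sometimes double-encoded) and report any absolute URL embedded in it whose host is not the link's own host. Run on the three sample URLs above it exposes the hidden 192.0.34.166 destination behind the Google, AOL and eBay domains; the regular expression and host comparison are this example's own assumptions, not a filter any of those sites use.

```python
"""Reveal the real destination hidden in a percent-encoded redirect link.
Added example, not code from the original post. The sample links are
the ones quoted in the post."""
import re
from urllib.parse import unquote, urlsplit

# Absolute http(s) URL; stops at separators commonly used in query strings
# and in the eBay-style ';' delimited paths. Assumption of this example.
EMBEDDED_URL = re.compile(r"https?://[^\s&?#;\"'<>]+", re.IGNORECASE)

SAMPLE_LINKS = {
    "google": "http://froogle.google.com/%66%72%6F%6F%67%6C%65%5F%75%72%6C"
              "?%71=%68%74%74%70%3A%2F%2F%31%39%32%2E%30%2E%33%34%2E%31%36%36",
    "aol": "http://www.aol.com/%72%65%64%69%72%2E%61%64%70"
           "?%5F%75%72%6C=%68%74%74%70%3A%2F%2F%31%39%32%2E%30%2E%33%34%2E%31%36%36",
    "ebay": "http://cgi1.ebay.com/aw-cgi/ebayISAPI.dll?RedirectEnter"
            "&loc=http://us.ebayobjects.com/2c;47586106;12593038;l"
            "?%68%74%74%70%3A%2F%2F%31%39%32%2E%30%2E%33%34%2E%31%36%36",
}


def decode_link(url):
    """Percent-decode until the text stops changing (handles double encoding)."""
    prev = None
    while prev != url:
        prev, url = url, unquote(url)
    return url


def embedded_destinations(url):
    """Return (outer_host, [foreign hosts of URLs embedded in the link]).

    The first URL found is the link itself and is skipped by host match;
    every other absolute URL with a different host is a redirect target
    the user would not see without decoding.
    """
    decoded = decode_link(url)
    outer_host = (urlsplit(decoded).hostname or "").lower()
    foreign = []
    for match in EMBEDDED_URL.finditer(decoded):
        host = (urlsplit(match.group(0)).hostname or "").lower()
        if host and host != outer_host and host not in foreign:
            foreign.append(host)
    return outer_host, foreign


def is_suspicious_redirect(url):
    """True when a link on one host carries an absolute URL to another host."""
    return bool(embedded_destinations(url)[1])


if __name__ == "__main__":
    for name, link in SAMPLE_LINKS.items():
        outer, hidden = embedded_destinations(link)
        print(f"{name}: {outer} -> hidden destinations {hidden}")
```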
Phishers also post the same types of links on various online boards, article sites, or other user submission areas, and they can gain users' trust just the same. Why wouldn't these links be automatically filtered by email servers or web sites? For the same reason average users see no threat in them. Filters might block or distort links they do not recognize, but many may give these links a free pass, convinced that they are from highly trusted sites and are therefore innocuous.
Some well-known sites have started to take defensive measures to foil these types of redirect tricks, but abuse-ready redirect pages still abound. So the next time you come across these types of links in a spam email or on a site, think twice before clicking on them. They may just be the bait-and-switch kind.
http redirect,phishing,hackers,spam
© 2001-2012 Robert Hashemian