Security

Stopping Open Recursion Name Server Attacks

I received an ominous e-mail from my server host Thursday: The DNS service(s) on your server are currently open to recursive queries from the world, leaving them vulnerable to DNS cache poisoning attacks and allowing them to be used to attack other sites. Your server was reported participating in an outbound DDoS attack through means of this vulnerability by an attacker. Please ensure that recursive lookups are DISABLED in your nameserver's configuration to prevent future abuse. If you need any ...

Spammer Messes with My Headers

A few weeks ago, I mistakenly believed that I had closed a PHP mail form vulnerability that let spammers use my web server to send mail. Another batch of penis enlargement and phentermine pitches were sent through my server last night, which I discovered when "rejected bulk e-mail" bounces found their way to me. A spammer exploited a mail script I had written that coded the recipient address like this: $recipient = "info@ekzemplo.com"; I thought the script was secure because users couldn't ...

Identity Thieves Mastered My Card

I just completed a 10-day ordeal dealing with fraudulent charges on two credit cards. On Friday Nov. 18, my card donated $1.89 to the Hong Kong chapter of the relief organization Médecins Sans Frontières. The following Monday, my wife's card spent around $190 with the Ito-Yokado retailer in Japan. These charges were discovered within 72 hours as I reviewed my MasterCard account online. I had just paid for wireless Internet access at a Disney World conference center on Nov. 20, and a day later ...

Closing a PHP Mail Form Vulnerability

I wrote a PHP script that accepts e-mail from web site visitors using a feedback form. The script works with different sites, routing mail to the right inbox with a hidden field on the form: The who field doesn't specify an e-mail address, because that would be easy pickings for spammers. They crawl the web looking for e-mail scripts that can be configured to send e-mail to any recipient they specify. Instead, my script was written to send mail only to accounts on my server: $recipient = ...

My Name Server is Totally Lame

I started the day with a dead name server that knocked more than 100 sites offline, including Workbench, the Drudge Retort and all of the Buzzword.Com bloggers. I've been using BIND for years and thought I had run out of interesting new ways to break it. Overnight, most name requests failed and my server log filled up with errors like this: lame server resolving 'www.cadenhead.org' (in 'cadenhead.org'?): 67.19.3.218#53 A lame server is one that's not responding to a name request it is expected ...

Don't Fall for Scamazon.Com

Considering the sophistication of the scam e-mails that I've been receiving lately, there must be a huge black market in phishing, the practice of tricking people into revealing their passwords from ecommerce sites and banks. A phony Amazon.Com e-mail I received last night is pretty convincing: Dear Amazon member, Due to concerns we have for the safety and integrity of the Amazon community we have issued this warning. Per the User Agreement, Section 9, we may immediately issue a warning, ...

Political Site Slow to Disclose Credit Card Theft

There's an ongoing dispute between the right-wing group ProtestWarrior and a left-wing "hacktivist" accused of breaking into their servers and accessing the credit card information of 5,000 customers of the group's online store. While that allegation is under investigation (no charges have been filed), ProtestWarrior makes an unusual admission: They discovered the possible theft of customer credit cards in February, but didn't tell any customers until July 5. The reason we haven't made this ...

Serving Files with a Cache to Save Cash

Some podcasters and other publishers who serve large, high-traffic files have begun using the Coral service to keep from going offline or going broke. The iPodder client added support in March. Coral's a network of several hundred servers that can store and serve copies of any file on the web. To offer a file via Coral, all you have to do is add .nyud.net:8090 to the host name in its URL. Here's an example -- the trailer for the underappreciated Brat Pack thriller Bad Influence starring James ...

Server Attacked at Random

My server has been under attack for three days by a user in Colorado who requested the same URL 8.3 million times (and counting). The user, making simultaneous connections from eight IP addresses in a block controlled by Time Warner Telecom, requested a URL on URouLette that redirects to a random web site -- as many as 30 requests a second to a PHP script that made a MySQL database connection. I'm guessing the motive was to acquire web addresses for e-mail harvesting or some other form of net ...