Tuesday, October 31, 2006

Codecs, Drivers, and Kaspersky

Fake Codecs and Kaspersky - written by hackers?

Here's something more about fake codecs and driver security hacks: Fake Codecs

I've wondered about the potential security issues with drivers for quite some time.

A note on Kaspersky: since it recognizes this hack, and since it was used in some very sophisticated hacking of commercial servers (see my recent post on a hack that installs its own virus checker), I am wondering more and more about the virus scanner.

So I read more about it: this company seems to be "headquartered" in a number of countries all over the world, listing Russia first. I read that they have since moved headquarters to England, and a visit to their web site reports a US address.

I bet it is the best virus checker out there...that doesn't mean I'll use it.

Let's say someone wanted to infiltrate the most protected and secure machines around the world? What would be the most effective way to do that?

Think Trojan horse.

Write the software that is protecting them, of course.

Just a twisted idea for a movie plot.

Instead of making the world hate them by sneaking things onto their machines, or creating PR nightmares like the one the supposed FBI keylogger (Magic Lantern) caused, the world loves them...and invites them in. Yes, protect my computer!

Here's a twisted thought: what if Kaspersky likes the idea that Microsoft is blocking out anti-virus checkers from other vendors:

Kaspersky says Vista doesn't block out anti-virus vendors

I did some research on Kaspersky just for fun. I'm sure all security software has bugs, but here's what I found...

Kaspersky Anti-Virus cab.ppl CAB Archive Handling Overflow
A remote overflow exists in Kaspersky Anti-Virus. The 'cab.ppl' engine fails to perform proper bounds checking, resulting in a buffer overflow. With a specially crafted CAB archive, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. Kaspersky Buffer Overrun

"The recent compromise at Kaspersky Labs, in which subscribers were potentially duped into accepting fake updates which contained the Bridex Worm, demonstrates the critical importance of this enhanced approach to update security," said John Sharp, president and CEO of Authentium, in a statement...Kaspersky fake downloads

Something that someone else will need to interpret: Congrats, you've detected Kaspersky AV

Here's another article worth a look, on security problems with your anti-virus software. One of the problems with Panda could leave your machine open to a complete take-over by a hacker. A seemingly innocent error...

Security problems in Security Software

Who's auditing the virus scanners and security software?

And who's to say all distributions of a particular software are the same?

And who's to say things aren't hiding in plain sight?

Ok yeah it's just a thought. Just kidding. Kind of.

Verify, validate, audit.

Thursday, October 26, 2006

How much of your traffic is HUMAN?

I just did an analysis of my web traffic to see how much of it came from valid potential purchasers of our products and services, and how much came from some sort of automated mechanism: bots, robots, spiders, programming libraries, widgets and unidentified surfing objects.

60% of the traffic was from machines. Non-human beings; not potential sources of income. Of course the search engines are helpful in getting traffic to us, and some of it was our own monitoring system, but 60%? That is a lot of wasted bandwidth, because not all of those "search engines" are helpful at all. Some are actually malicious.
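As an added example (not the blog's own analysis script), here is how such a breakdown can be computed from an Apache-style combined access log. It uses the clues a practitioner actually relies on: crawler and HTTP-library names in the User-Agent, an empty User-Agent, any address that fetched /robots.txt, and the address of the site's own monitor. The log lines, the monitoring address 203.0.113.10 and the marker lists are constructed for the example.

```python
"""Rough split of web-server traffic into human and automated requests.

Added example, not the blog author's own analysis. Parses Apache combined-format
log lines and classifies each request as human, search engine, monitoring,
HTTP library, or unknown bot.
"""
import re
from collections import Counter

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Lower-cased substrings seen in crawler and HTTP-library User-Agents (assumption).
CRAWLER_MARKERS = ("bot", "spider", "crawl", "slurp")
LIBRARY_MARKERS = ("python-urllib", "libwww-perl", "java/", "curl/", "wget/", "lwp::")
MONITOR_IPS = {"203.0.113.10"}  # hypothetical address of our own uptime monitor

SAMPLE_LOG = [  # constructed sample, not real traffic; documentation IP ranges only
    '192.0.2.1 - - [16/Sep/2006:15:49:55 -0700] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7"',
    '192.0.2.1 - - [16/Sep/2006:15:49:57 -0700] "GET /products.html HTTP/1.1" 200 8192 "http://www.example.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7"',
    '192.0.2.2 - - [16/Sep/2006:15:50:01 -0700] "GET /contact.html HTTP/1.1" 200 2048 "http://www.example.com/products.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"',
    '192.0.2.3 - - [16/Sep/2006:15:51:12 -0700] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.9 (KHTML, like Gecko) Safari/419.3"',
    '192.0.2.50 - - [16/Sep/2006:15:52:03 -0700] "GET /robots.txt HTTP/1.1" 200 120 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '192.0.2.50 - - [16/Sep/2006:15:52:04 -0700] "GET /products.html HTTP/1.1" 200 8192 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '203.0.113.10 - - [16/Sep/2006:15:53:00 -0700] "HEAD / HTTP/1.0" 200 - "-" "SiteMonitor/1.0"',
    '198.51.100.5 - - [16/Sep/2006:15:54:30 -0700] "GET /products.html HTTP/1.0" 200 8192 "-" "Python-urllib/2.4"',
    '198.51.100.7 - - [16/Sep/2006:15:55:10 -0700] "GET /robots.txt HTTP/1.0" 404 300 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '198.51.100.7 - - [16/Sep/2006:15:55:11 -0700] "GET / HTTP/1.0" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '198.51.100.9 - - [16/Sep/2006:15:56:42 -0700] "GET /xmlrpc.php HTTP/1.0" 404 300 "-" ""',
]


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry, robots_fetchers):
    """Label one request: human, search engine, monitoring, library, or unknown bot."""
    ua = entry["ua"].lower()
    if entry["ip"] in MONITOR_IPS:
        return "monitoring"
    if any(mark in ua for mark in LIBRARY_MARKERS):
        return "library"
    if any(mark in ua for mark in CRAWLER_MARKERS):
        return "search engine"
    # A browser-looking User-Agent from an address that asked for /robots.txt is
    # a crawler pretending to be a browser; an empty User-Agent is never a browser.
    if not ua or ua == "-" or entry["ip"] in robots_fetchers:
        return "unknown bot"
    return "human"


def traffic_breakdown(lines):
    """Return (Counter of labels, percentage of requests that were automated)."""
    entries = [e for e in map(parse_line, lines) if e]
    robots_fetchers = {e["ip"] for e in entries if e["path"] == "/robots.txt"}
    counts = Counter(classify(e, robots_fetchers) for e in entries)
    total = sum(counts.values())
    automated = total - counts["human"]
    return counts, (round(100 * automated / total) if total else 0)


if __name__ == "__main__":
    counts, pct = traffic_breakdown(SAMPLE_LOG)
    for label, n in counts.most_common():
        print(f"{label:14s} {n}")
    print(f"automated: {pct}%")
```

The robots.txt rule is the one that catches crawlers hiding behind a browser User-Agent; a real browser never requests that file on its own. Conversely, a crawler that never touches robots.txt and sends a browser User-Agent will be counted as human here, so the figure this produces is a floor, not a ceiling.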

Monday, October 23, 2006

Stock Spam

I've written about a lot of problems related to DLLs and spam spewing out of my servers. Maybe this was the source:

A hack with its own virus checker

This piece of malware is spewing out all that stock spam you've possibly been seeing lately, with some pretty advanced tactics.

The article states that the trojan uses peer-to-peer technology to communicate with its command and control servers; however, it does not tell you how it got on the box in the first place.

This software makes some use of DLLs, a major annoyance if you read my previous posts.

Sunday, October 22, 2006

Stock Picking Service - Internet Influence?

I got a request from someone to help them market a stock picking web site. I am not yet completely sure what it is and how he makes his money. He sells a newsletter on one site and gives it away free on another site.

While researching the customer I found a bunch of spam-like stock postings with some apparently somewhat useful information, but I am not quite sure yet whether it is clearly spam or just a feeble attempt at marketing.

Then I noticed this other guy's name all over, connected to the guy who made me the request. So I went to check out the other guy's web site and he's got a video of himself and a clearly used-car-salesman-looking site guaranteeing people they will make money using his stock analysis/picking service.

So I started to ponder whether these guys are legit or not, and then it hit me. The first guy wants me to get people to sign up for his free newsletter at 1,000 people per day. In one month that would be 30,000 people.

If he says "buy this stock" and 30,000 people buy the stock - what effect will that have on that particular stock? If he says sell....

I am not sure exactly how many people it would take to influence a stock, but the thought is somewhat interesting. L. Ron Hubbard, founder of Scientology and author of Dianetics, was quoted as saying "if you want to make a little money, write a book. If you want to make a lot of money, create a religion" (according to my professor of comparative religion in college). I found a reference to the statement here. That always fascinated me: that he said it, did it, and people still follow this religion even though his motivations are blatant.

The same principle kind of applies here. If you can get thousands or even millions of people to believe you have magical stock picking ability and some incredible "magical" software that helps you pick stock - and then you tell all your believers to go buy or sell something - you may be able to influence the market. And guess what. You believe in yourself too in that case...Because you know what will happen when you say "go".

Friday, October 20, 2006

Microsoft Vista Driver Authentication

In this article a Singapore security expert shows how Microsoft Vista correctly blocks a malicious driver attack, and yet how other vulnerabilities exist in the driver security process added to the operating system: Microsoft Vista driver authentication

At least I applaud Microsoft for making attempts to resolve this problem, but it looks like they still have a ways to go.

My friend from Microsoft just warned me that Vista's new security model is not good; however, he didn't say why. He previously worked on something to control driver security and was completely frustrated with Microsoft and his job. He used to work with really smart people, and it sounds like they left one by one and no one wants to solve the "really hard problems". Could it be that Microsoft is infiltrated with people who do not want to solve these problems? Or is it that they just don't want to take the risk of doing something extremely complicated, having it exploited, and putting their heads on the chopping block at Microsoft? Who knows.

Even if Vista's new security model is not good, could it be worse than what existed before? It seems that some level of authentication is better than none, doesn't it?

Thursday, October 19, 2006

SPF Records: Do it Now

Yes, a lot of people complain about the problems with SPF records. However, the problems with not using them are greater.

Right now I am getting hundreds of bounce-back messages because spammers are spewing out messages using my domains as the forged sender.

The problem for the people whose mail systems do not check SPF records is that they have no way of knowing that the spammer's IP is not on our allowed list and that the message is obviously spam. If their mail system checked our SPF records they would never accept the messages in the first place, and a well-behaved mail system would reject the message during the SMTP session rather than accepting it and then spewing out bounce messages to the forged sender address. Those bounces to a forged address are exactly what is landing in my inbox.

The problem for mail administrators and mail servers is that by not checking SPF records a lot of bandwidth and processing power is wasted. The SPF check can be done as soon as the sender's domain is announced at MAIL FROM, before the recipient is even looked up and before the message body is transferred or stored; a server that rejects at that point never has to check whether the user exists or store the message at all. And possibly spammers would leave their servers alone, since they can't get messages through.

The problem for me is that the end users, our potential customers, who are uninformed about SPF records, spoofers and spamming, may be reporting our email as spam to their service providers, and our domain may get blocked, incorrectly, by mail administrators and mail systems that are not smart enough to look at the SPF records and verify that the mail is from a legitimate source.

If you are not using SPF records it could be harming your business and limiting your business opportunities. Let's say you submit a request for a quote through some business's web form; they reply to you but you never get it, because their domain has been incorrectly flagged as spam. Or let's say you get a bunch of spam and block that domain entirely. Now suddenly you can't get mail from a possibly legitimate new customer who didn't know their domain had been hijacked.

As I write this I must warn, however, that someone out there needs to be keeping an eye on all this rejected spam. As mentioned in previous posts, it could actually be used as a form of communication by people who do not want you to know what they are writing! So hopefully someone out there is keeping an eye on legitimate AND spoofed and spam email messages.

To find out more about SPF records, contact your mail provider and your hosting provider, and take a look at http://www.openspf.org

If your mail provider tries to talk you out of SPF records: yes, there are some issues with them, but you can list every server allowed to send your mail, and that should resolve the problem and make your domain harder to steal and spoof. Two caveats worth knowing before you publish a record: SPF authenticates the envelope sender (the MAIL FROM address that bounces go to) and the HELO name, not the From: line a user sees in their mail client; and a message that is plainly forwarded will fail SPF at its final hop, because the forwarding server is not on your list. In most cases providers try to talk you out of it because they don't know how to set it up correctly. Get a new mail provider.

SPF may not be a perfect solution, but it is the only solution I know of right now that even attempts to resolve this problem. Maybe there are others that are better, and I would love to hear about them, but my mail provider has received awards for secure email solutions and this is their recommendation.
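To make the mechanics concrete, here is an added example (not the blog's mail provider's code, and not a complete SPF implementation) of the check a receiving server performs at MAIL FROM time: it fetches the sending domain's SPF record, walks the mechanisms in order, and maps the result to an SMTP reply, so a spoofed sender is refused before any message is accepted and no bounce is ever generated. DNS is replaced by a constructed in-memory table so it runs offline; example.com, the .example names and the 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24 and 2001:db8::/32 ranges are documentation addresses, not real hosts.

```python
"""Minimal SPF (RFC 7208) evaluator for an inbound mail server.

Added example, not a mail provider's code. Supports the ip4, ip6, a, mx,
include and all mechanisms with the +, -, ~ and ? qualifiers. It does not
implement redirect=, exp=, ptr, exists, macros, or a:/mx: CIDR suffixes.
"""
import ipaddress

# Constructed stand-in for DNS: the TXT, A and MX records we would otherwise look up.
FAKE_DNS = {
    "TXT": {
        "example.com": "v=spf1 mx ip4:192.0.2.0/28 include:_spf.mailhost.example -all",
        "_spf.mailhost.example": "v=spf1 ip4:198.51.100.0/24 ip6:2001:db8::/32 -all",
        "lenient.example": "v=spf1 ip4:192.0.2.16/28 ~all",   # softfail instead of fail
    },
    "A": {"mail.example.com": ["192.0.2.100"]},
    "MX": {"example.com": ["mail.example.com"]},
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(rtype, name):
    """Stand-in for a DNS query: None for a missing TXT record, [] for missing A/MX."""
    default = None if rtype == "TXT" else []
    return FAKE_DNS[rtype].get(name.lower(), default)


def check_host(ip, domain, depth=0):
    """SPF result for a connecting IP whose MAIL FROM is in `domain`."""
    if depth > 10:                       # RFC 7208 caps nested include lookups
        return "permerror"
    record = lookup("TXT", domain)
    if record is None:
        return "none"                    # domain publishes no SPF record
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:                         # mixed IPv4/IPv6 comparisons are simply no-match
                matched = ip in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"       # malformed record
        elif name == "a":
            matched = any(ip == ipaddress.ip_address(a) for a in lookup("A", arg or domain))
        elif name == "mx":
            hosts = lookup("MX", arg or domain)
            matched = any(ip == ipaddress.ip_address(a) for h in hosts for a in lookup("A", h))
        elif name == "include":
            # include matches only if the included domain's own check passes
            matched = check_host(str(ip), arg, depth + 1) == "pass"
        else:
            return "permerror"           # mechanism this evaluator does not support
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                     # nothing matched and no 'all' term present


def smtp_action(result):
    """Decide at MAIL FROM, before RCPT TO or DATA, so the server never generates a bounce."""
    if result == "fail":
        return "550 5.7.1 SPF check failed: sending host not authorised for this domain"
    if result == "softfail":
        return "250 OK (accepted, tagged for spam filtering)"
    return "250 OK"


if __name__ == "__main__":
    for sender_ip in ("192.0.2.5", "192.0.2.100", "198.51.100.77", "2001:db8::1", "203.0.113.9"):
        result = check_host(sender_ip, "example.com")
        print(f"{sender_ip:16s} {result:9s} -> {smtp_action(result)}")
```

The difference between `-all` and `~all` is visible in the two records: a spoofed host is refused outright for example.com but only tagged for lenient.example, which is why a domain that is being forged heavily should publish `-all` once every legitimate sending server is listed.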

Sunday, October 15, 2006

DDoS Attacks

This past year I was subjected to a huge amount of Fox News. I prefer the BBC and NPR any day, but I find it interesting that in all the news stories about the information posted on Al-Jazeera about the soldier/prisoner scandal I never heard anything about this:

DDoS attacks on Al-Jazeera

And let me tell you, I was with a news junkie and we were watching every right-wing news show known to man. Maybe the newscasters just didn't understand it. This is almost scarier, because the next real war is at the computer and network level. I have written about this previously.

But enough of that. The interesting thing about this article is that DDoS attacks can cripple a web site, and that putting the site behind a large distributed content-delivery network such as Akamai, which spreads the load across many servers, can be a solution to this problem. Probably at a hefty price, of course.

Thursday, October 12, 2006

Web Site Hacks

I have mentioned most of these previously but here's another resource outlining potential web site hacks:

Web Site Hacks & How To Fix

Chargebacks - the Crime No One is Watching

I received some chargebacks on my merchant account. Supposedly they are not really chargebacks; however, if I do not provide the information requested on the form back to the bank within 25 days, they can take the money out of my account.

The reason listed on the piece of paper I received in the mail from my bank (Bank of America) is this: 32-Cardholder Does Not Recognize Transaction.

I contacted the cardholder and they told me they never reported any problem with the transaction to their bank. Someone is initiating this dispute, it is not the cardholder, and therefore, going by the reason printed on the document I have, it is fraudulent.

Worse yet, the document asks me to fax the account number, expiration date and all the information including a signature from the sales draft to their fax number.

Just by reading this it looks as if I have to provide the ENTIRE account number, expiration date and the customer's signature. Hmmm. Is it secure to be faxing this stuff around? When I called in they said I could just give them the last four digits. I do not even store the full card number anywhere, for security reasons. (So if you're hacking my server, you're wasting your time.)

Finally, when I explain that this is potentially a fraudulent scam and someone should look into it and try to crack down on it, there is nothing they can do. They just blindly send the requested data to any bank that asks for it in any country (this is an international web site) to resolve the issue. Supposedly they would not send the information "to just anybody", but based on this whole scenario I wonder how tight the security is on validating where they are sending cardholder data and who has access to it.

Here's the potential: someone, be it at Bank of America, the third-party bank, or a hacker, could be initiating the chargeback against me, and if I miss it the money is taken out of my account. But guess what: the cardholder never said they didn't recognize the transaction in the first place. Think about it... where did that money go? Someone's pocket, and not the right one.

Monday, October 09, 2006

PayPal Sent Me a Virus

The other day an address listed as coming from PayPal sent me a virus, and it appeared to actually come from a PayPal email server. It was caught by the virus checker on my email system.

So I did the good-citizen thing and reported it to PayPal so they would know and could look into it.

And they sent me back a message stating something like:

"PayPal occasionally sends message to users...if you don't want these messages go into your preferences and change them..."

Sorry but I didn't see the option for "DON'T SEND ME VIRUSES".

Friday, October 06, 2006

Blog Spam

Here's a company using blog spamming to advertise products and presumably to try to increase search engine rankings with junk writing:

http://payperpost.com/

This company is advertising to bloggers to get paid for writing stuff for its advertisers. Heck, I write fast, I should probably do it, but I won't, because I have some stupid principle in me that doesn't want to spew out fake garbage.

The problem with this thing is that people are spewing out fake, useless, biased content in an attempt to make money. For instance, you write about some product and you're getting paid for it. Are you going to write something negative? And even if you would, is the advertiser going to post the negative feedback? No.

To me this is a blog spam factory and wasting everyone's time.

Wednesday, October 04, 2006

Serv-U hack?

I was running a trial of Serv-U Corporate edition. At the end of thirty days it reverts to the personal edition.

Coincidentally, I started to have a bunch of problems on my machine around that same time. See two posts prior.

I reported the problem with dllhost.exe to my hosting provider.

Then suddenly my FTP software stopped working. It said the executable was missing. I tried reinstalling; no dice. I then uninstalled and reinstalled the thing, and now it works again.

There are various things you can do to lock it down, like restricting IP access, so I tried that.

I don't know if this is all coincidental but I started having all these problems at the same time which I mentioned in previous posts:

- cannot access the admin portal for Datapipe in Mozilla
- email bounce-backs show spam from my domain names (working on SPF records now)
- FTP server is hosed and has to be reinstalled
- web server using 100% of CPU and supposedly reboots itself while hosting techs are looking at it (hmm)
- web sites and/or local network are dog slow on occasion, sometimes so slow that images don't load at all from my web server
- dllhost.exe running on my box when supposedly DCOM is locked down and all IIS services are disabled
- IIS service accounts have been re-enabled

I only report what I see....I am making no conclusions here until I pin down what is going on.

Global and Catastrophic IT Hacker Holes

This is a great read. Peter Coffee outlines some really big IT blunders that caused huge problems: losing millions of dollars, blowing up huge infrastructures and causing worldwide waves of hacking.

Dirty Dozen IT Blunders

Tuesday, October 03, 2006

Spam/Hack attack on a Java User Group

Just another report from the trenches. A recent message from a Java user group mailing list:

It appears that our fun little wiki site has attracted spammers from Holland
and Russia. Their favorite mechanism so far appears to be to create bogus
accounts and upload HTML files which contain spam.

I am running daily reports and swatting them as I find them. In the meantime,
if anyone finds anything else I might have missed, please let me know.

Thanks!

Monday, October 02, 2006

Recent Hacker IP Addresses

Here are some recent hacker IP addresses. How do I know? Because they are hitting my server by its IP address rather than by any of the domain names, and requesting technologies that do not exist on my server. They are most likely scanning for things with known holes in them that have not been patched. Notice that the most highly sought-after holes are in PHP. See my other posts about PHP hacks. One caveat before you block or report any of these: the address you see is the machine that sent the request, which is very often a compromised host or an open proxy rather than the attacker's own box, so treat the list as scanner activity, not as attribution.

Sat Sep 16 15:49:59 PDT 2006 81.3.160.38 /xmlrpc/xmlrpc.php
Mon Sep 25 11:24:10 PDT 2006 219.142.169.136 /sumthin
Sat Sep 23 02:31:28 PDT 2006 194.72.238.63 /
Fri Sep 22 14:35:21 PDT 2006 66.221.181.243 /xmlrpc/xmlrpc.php
Fri Sep 22 14:35:17 PDT 2006 66.221.181.243 /phpAdsNew/adxmlrpc.php
Fri Sep 22 14:35:21 PDT 2006 66.221.181.243 /xmlrpc.php
Fri Sep 22 14:35:17 PDT 2006 66.221.181.243 /phpads/adxmlrpc.php
Fri Sep 22 14:35:17 PDT 2006 66.221.181.243 /adxmlrpc.php
Fri Sep 22 14:35:17 PDT 2006 66.221.181.243 /phpadsnew/adxmlrpc.php
Fri Sep 22 14:35:17 PDT 2006 66.221.181.243 /Ads/adxmlrpc.php
Fri Sep 22 14:35:17 PDT 2006 66.221.181.243 /ads/adxmlrpc.php
Fri Sep 22 14:35:17 PDT 2006 66.221.181.243 /a1b2c3d4e5f6g7h8i9/nonexistentfile.php
Fri Sep 22 14:35:17 PDT 2006 66.221.181.243 /adserver/adxmlrpc.php
Fri Sep 22 12:24:16 PDT 2006 194.72.238.62 /
Thu Sep 21 12:42:12 PDT 2006 194.72.238.63 /
Wed Sep 20 23:29:32 PDT 2006 194.72.238.62 /
Wed Sep 20 16:12:12 PDT 2006 71.87.211.76 /_vti_bin/_vti_aut/fp30reg.dll
Wed Sep 20 00:02:43 PDT 2006 194.72.238.63 /
Tue Sep 19 09:07:31 PDT 2006 82.192.89.153 /mysql/main.php
Tue Sep 19 09:07:31 PDT 2006 82.192.89.153 /db/main.php
Tue Sep 19 09:07:30 PDT 2006 82.192.89.153 /phpmyadmin/main.php
Tue Sep 19 09:07:30 PDT 2006 82.192.89.153 /PMA/main.php
Tue Sep 19 09:07:31 PDT 2006 82.192.89.153 /admin/main.php
Sat Sep 16 15:49:55 PDT 2006 81.3.160.38 /a1b2c3d4e5f6g7h8i9/nonexistentfile.php
Sat Sep 16 15:49:56 PDT 2006 81.3.160.38 /adxmlrpc.php
Sat Sep 16 15:49:56 PDT 2006 81.3.160.38 /adserver/adxmlrpc.php
Sat Sep 16 15:49:57 PDT 2006 81.3.160.38 /phpAdsNew/adxmlrpc.php
Sat Sep 16 15:49:57 PDT 2006 81.3.160.38 /phpadsnew/adxmlrpc.php
Sat Sep 16 15:49:57 PDT 2006 81.3.160.38 /phpads/adxmlrpc.php
Sat Sep 16 15:49:58 PDT 2006 81.3.160.38 /Ads/adxmlrpc.php
Sat Sep 16 15:49:58 PDT 2006 81.3.160.38 /ads/adxmlrpc.php
Sat Sep 16 15:49:59 PDT 2006 81.3.160.38 /xmlrpc.php
Sat Sep 16 15:50:00 PDT 2006 81.3.160.38 /xmlsrv/xmlrpc.php
Sat Sep 16 15:49:59 PDT 2006 81.3.160.38 /xmlrpc.php
Sat Sep 16 15:49:58 PDT 2006 81.3.160.38 /Ads/adxmlrpc.php
Sat Sep 16 15:49:57 PDT 2006 81.3.160.38 /phpadsnew/adxmlrpc.php
Sat Sep 16 15:49:56 PDT 2006 81.3.160.38 /adserver/adxmlrpc.php
Sat Sep 16 15:49:55 PDT 2006 81.3.160.38 /a1b2c3d4e5f6g7h8i9/nonexistentfile.php
Sat Sep 16 22:17:30 PDT 2006 194.72.238.62 /
Sat Sep 16 15:49:56 PDT 2006 81.3.160.38 /adxmlrpc.php
Sat Sep 16 15:49:56 PDT 2006 81.3.160.38 /phpAdsNew/adxmlrpc.php
Sat Sep 16 15:49:57 PDT 2006 81.3.160.38 /phpads/adxmlrpc.php
Sat Sep 16 15:49:58 PDT 2006 81.3.160.38 /ads/adxmlrpc.php

Fri Sep 22 14:35:21 PDT 2006 66.221.181.243 /blogs/xmlrpc.php
Fri Sep 22 14:35:17 PDT 2006 66.221.181.243 /a1b2c3d4e5f6g7h8i9/nonexistentfile.php
Fri Sep 22 14:35:20 PDT 2006 66.221.181.243 /ads/adxmlrpc.php
Fri Sep 22 14:35:21 PDT 2006 66.221.181.243 /xmlrpc/xmlrpc.php
Fri Sep 22 14:35:21 PDT 2006 66.221.181.243 /blog/xmlrpc.php
Fri Sep 22 14:35:21 PDT 2006 66.221.181.243 /community/xmlrpc.php
Fri Sep 22 14:35:21 PDT 2006 66.221.181.243 /blogs/xmlsrv/xmlrpc.php
Sat Sep 23 02:31:28 PDT 2006 194.72.238.63 /
Fri Sep 22 14:35:20 PDT 2006 66.221.181.243 /phpadsnew/adxmlrpc.php
Mon Sep 25 10:26:23 PDT 2006 219.142.169.136 /sumthin
Mon Sep 25 11:24:10 PDT 2006 219.142.169.136 /sumthin
Mon Sep 25 13:45:56 PDT 2006 194.72.238.63 /
Tue Sep 26 12:15:09 PDT 2006 194.72.238.63 /
Wed Sep 27 05:58:18 PDT 2006 194.133.131.201 /_vti_bin/_vti_aut/fp30reg.dll
Wed Sep 27 10:57:30 PDT 2006 194.72.238.63 /
Mon Sep 11 23:04:31 PDT 2006 64.114.199.1 /
Mon Sep 11 23:04:31 PDT 2006 64.114.199.1 /
Wed Sep 13 15:35:31 PDT 2006 64.114.199.1 /
Wed Sep 13 15:35:31 PDT 2006 64.114.199.1 /
Sat Sep 16 14:41:49 PDT 2006 194.72.238.62 /
Tue Sep 19 04:12:53 PDT 2006 212.43.248.186 /
Tue Sep 19 09:07:28 PDT 2006 82.192.89.153 /admin/main.php
Tue Sep 19 09:07:28 PDT 2006 82.192.89.153 /db/main.php
Tue Sep 19 09:07:27 PDT 2006 82.192.89.153 /phpmyadmin/main.php
Tue Sep 19 09:07:28 PDT 2006 82.192.89.153 /mysql/main.php
Tue Sep 19 09:07:27 PDT 2006 82.192.89.153 /PMA/main.php
Wed Sep 20 00:02:43 PDT 2006 194.72.238.63 /
Wed Sep 20 15:02:32 PDT 2006 194.72.238.62 /
Wed Sep 20 15:57:28 PDT 2006 71.87.211.76 /_vti_bin/_vti_aut/fp30reg.dll
Thu Sep 21 12:42:12 PDT 2006 194.72.238.63 /
Thu Sep 21 16:18:31 PDT 2006 64.246.0.17 /robots.txt
Fri Sep 22 08:59:01 PDT 2006 194.72.238.62 /
Fri Sep 22 14:35:17 PDT 2006 66.221.181.243 /adxmlrpc.php
Fri Sep 22 14:35:17 PDT 2006 66.221.181.243 /adserver/adxmlrpc.php
Fri Sep 22 14:35:20 PDT 2006 66.221.181.243 /phpAdsNew/adxmlrpc.php
Fri Sep 22 14:35:20 PDT 2006 66.221.181.243 /phpads/adxmlrpc.php
Fri Sep 22 14:35:20 PDT 2006 66.221.181.243 /Ads/adxmlrpc.php
Fri Sep 22 14:35:21 PDT 2006 66.221.181.243 /xmlrpc.php
Fri Sep 22 14:35:21 PDT 2006 66.221.181.243 /xmlsrv/xmlrpc.php
Fri Sep 22 14:35:21 PDT 2006 66.221.181.243 /drupal/xmlrpc.php
Tue Sep 19 09:07:28 PDT 2006 82.192.89.153 /admin/main.php pmafind
Tue Sep 19 09:07:30 PDT 2006 82.192.89.153 /phpmyadmin/main.php pmafind
Tue Sep 19 09:07:30 PDT 2006 82.192.89.153 /PMA/main.php pmafind
Tue Sep 19 09:07:31 PDT 2006 82.192.89.153 /admin/main.php pmafind
Tue Sep 19 09:07:28 PDT 2006 82.192.89.153 /db/main.php pmafind
Tue Sep 19 09:07:27 PDT 2006 82.192.89.153 /phpmyadmin/main.php pmafind
Tue Sep 19 09:07:28 PDT 2006 82.192.89.153 /mysql/main.php pmafind
Tue Sep 19 09:07:31 PDT 2006 82.192.89.153 /db/main.php pmafind
Tue Sep 19 09:07:27 PDT 2006 82.192.89.153 /PMA/main.php pmafind
Tue Sep 19 09:07:31 PDT 2006 82.192.89.153 /mysql/main.php pmafind
Fri Sep 22 14:35:17 PDT 2006 66.221.181.243 /a1b2c3d4e5f6g7h8i9/nonexistentfile.php
Fri Sep 22 14:35:17 PDT 2006 66.221.181.243 /adserver/adxmlrpc.php
Fri Sep 22 14:35:17 PDT 2006 66.221.181.243 /adxmlrpc.php
Fri Sep 22 14:35:17 PDT 2006 66.221.181.243 /adxmlrpc.php
Fri Sep 22 14:35:17 PDT 2006 66.221.181.243 /adserver/adxmlrpc.php
Fri Sep 22 14:35:17 PDT 2006 66.221.181.243 /phpadsnew/adxmlrpc.php
Fri Sep 22 14:35:17 PDT 2006 66.221.181.243 /Ads/adxmlrpc.php
Fri Sep 22 14:35:17 PDT 2006 66.221.181.243 /ads/adxmlrpc.php
Fri Sep 22 14:35:20 PDT 2006 66.221.181.243 /phpAdsNew/adxmlrpc.php
Fri Sep 22 14:35:20 PDT 2006 66.221.181.243 /phpads/adxmlrpc.php
Fri Sep 22 14:35:20 PDT 2006 66.221.181.243 /Ads/adxmlrpc.php
Fri Sep 22 14:35:21 PDT 2006 66.221.181.243 /xmlrpc.php
Fri Sep 22 14:35:21 PDT 2006 66.221.181.243 /xmlsrv/xmlrpc.php
Fri Sep 22 14:35:21 PDT 2006 66.221.181.243 /drupal/xmlrpc.php
Fri Sep 22 14:35:21 PDT 2006 66.221.181.243 /blogs/xmlrpc.php
Fri Sep 22 14:35:21 PDT 2006 66.221.181.243 /xmlrpc.php
Fri Sep 22 14:35:17 PDT 2006 66.221.181.243 /phpads/adxmlrpc.php
Fri Sep 22 14:35:17 PDT 2006 66.221.181.243 /a1b2c3d4e5f6g7h8i9/nonexistentfile.php
Fri Sep 22 14:35:17 PDT 2006 66.221.181.243 /phpAdsNew/adxmlrpc.php
Fri Sep 22 14:35:20 PDT 2006 66.221.181.243 /ads/adxmlrpc.php
Fri Sep 22 14:35:21 PDT 2006 66.221.181.243 /xmlrpc/xmlrpc.php
Fri Sep 22 14:35:21 PDT 2006 66.221.181.243 /blog/xmlrpc.php
Fri Sep 22 14:35:21 PDT 2006 66.221.181.243 /community/xmlrpc.php
Fri Sep 22 14:35:21 PDT 2006 66.221.181.243 /blogs/xmlsrv/xmlrpc.php
Fri Sep 22 14:35:21 PDT 2006 66.221.181.243 /xmlrpc/xmlrpc.php
Fri Sep 22 14:35:20 PDT 2006 66.221.181.243 /phpadsnew/adxmlrpc.php
Sat Sep 16 15:49:55 PDT 2006 81.3.160.38 /a1b2c3d4e5f6g7h8i9/nonexistentfile.php
Sat Sep 16 15:49:56 PDT 2006 81.3.160.38 /adxmlrpc.php
Sat Sep 16 15:49:56 PDT 2006 81.3.160.38 /adserver/adxmlrpc.php
Sat Sep 16 15:49:56 PDT 2006 81.3.160.38 /adserver/adxmlrpc.php
Sat Sep 16 15:49:57 PDT 2006 81.3.160.38 /phpAdsNew/adxmlrpc.php
Sat Sep 16 15:49:57 PDT 2006 81.3.160.38 /phpadsnew/adxmlrpc.php
Sat Sep 16 15:49:57 PDT 2006 81.3.160.38 /phpadsnew/adxmlrpc.php
Sat Sep 16 15:49:57 PDT 2006 81.3.160.38 /phpads/adxmlrpc.php
Sat Sep 16 15:49:58 PDT 2006 81.3.160.38 /Ads/adxmlrpc.php
Sat Sep 16 15:49:58 PDT 2006 81.3.160.38 /Ads/adxmlrpc.php
Sat Sep 16 15:49:58 PDT 2006 81.3.160.38 /ads/adxmlrpc.php
Sat Sep 16 15:49:59 PDT 2006 81.3.160.38 /xmlrpc.php
Sat Sep 16 15:49:59 PDT 2006 81.3.160.38 /xmlrpc.php
Sat Sep 16 15:50:00 PDT 2006 81.3.160.38 /xmlsrv/xmlrpc.php
Sat Sep 16 15:49:55 PDT 2006 81.3.160.38 /a1b2c3d4e5f6g7h8i9/nonexistentfile.php
Sat Sep 16 15:49:56 PDT 2006 81.3.160.38 /adxmlrpc.php
Sat Sep 16 15:49:56 PDT 2006 81.3.160.38 /phpAdsNew/adxmlrpc.php
Sat Sep 16 15:49:57 PDT 2006 81.3.160.38 /phpads/adxmlrpc.php
Sat Sep 16 15:49:58 PDT 2006 81.3.160.38 /ads/adxmlrpc.php
Sat Sep 16 15:49:59 PDT 2006 81.3.160.38 /xmlrpc/xmlrpc.php
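Added example (not the blog author's own reporting script) of turning a listing like the one above into a per-source scanner report. It parses the "date IP path [user-agent]" format shown, matches each path against the scanner families visible in the list (the XML-RPC, phpAdsNew, phpMyAdmin and FrontPage probes, plus the /a1b2c3d4e5f6g7h8i9/nonexistentfile.php request, which is most likely the scanner checking whether the server answers 200 to any path at all), and flags any other request for a file type the server does not serve. The set of served file types is an assumption (the blog's server is Windows/IIS, so anything ending in .php is a request for software that is not installed), and the trailing "pmafind" on some lines is taken to be the scanner's User-Agent string. The sample lines are copied from the listing above.

```python
"""Pull vulnerability-scanner activity out of a 'date IP path [user-agent]' access log.

Added example, not the blog author's script. Groups probes by source address and
reports how many were sent, over what time span, which scanner families they
belong to, and the User-Agent if the log carried one.
"""
import re
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<tz>\w+) (?P<year>\d{4}) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<path>\S+)(?: (?P<ua>.+))?$"
)

# Assumption: file types this (IIS) server actually serves. "" covers directory requests like "/".
SERVED_EXTENSIONS = {"", ".asp", ".aspx", ".htm", ".html", ".gif", ".jpg", ".css", ".js", ".txt"}

# Path fragments (lower-case) and the scanner family they identify; all appear in the log above.
# Order matters: "adxmlrpc.php" must be tested before the more general "xmlrpc.php".
SIGNATURES = [
    ("adxmlrpc.php", "phpAdsNew XML-RPC"),
    ("xmlrpc.php", "PHP XML-RPC (blog/CMS)"),
    ("phpmyadmin", "phpMyAdmin"),
    ("/pma/", "phpMyAdmin"),
    ("main.php", "phpMyAdmin"),
    ("fp30reg.dll", "FrontPage Server Extensions"),
    ("nonexistentfile.php", "catch-all-200 canary"),  # most likely a test for servers that answer 200 to anything
]

SAMPLE = [  # copied from the listing above
    "Sat Sep 16 15:49:55 PDT 2006 81.3.160.38 /a1b2c3d4e5f6g7h8i9/nonexistentfile.php",
    "Sat Sep 16 15:49:56 PDT 2006 81.3.160.38 /adxmlrpc.php",
    "Sat Sep 16 15:49:59 PDT 2006 81.3.160.38 /xmlrpc.php",
    "Sat Sep 16 15:50:00 PDT 2006 81.3.160.38 /xmlsrv/xmlrpc.php",
    "Tue Sep 19 09:07:27 PDT 2006 82.192.89.153 /phpmyadmin/main.php pmafind",
    "Tue Sep 19 09:07:27 PDT 2006 82.192.89.153 /PMA/main.php pmafind",
    "Tue Sep 19 09:07:28 PDT 2006 82.192.89.153 /db/main.php pmafind",
    "Wed Sep 20 16:12:12 PDT 2006 71.87.211.76 /_vti_bin/_vti_aut/fp30reg.dll",
    "Thu Sep 21 16:18:31 PDT 2006 64.246.0.17 /robots.txt",
    "Mon Sep 25 11:24:10 PDT 2006 219.142.169.136 /sumthin",
]


def parse(line):
    """Split one log line into timestamp, source IP, path and optional User-Agent."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{m['ts']} {m['year']}", "%a %b %d %H:%M:%S %Y")
    return {"ts": ts, "ip": m["ip"], "path": m["path"], "ua": m["ua"]}


def classify_path(path):
    """Scanner family for a probe, or None for a request this server might legitimately serve."""
    low = path.lower().split("?")[0]
    for fragment, family in SIGNATURES:
        if fragment in low:
            return family
    last = low.rsplit("/", 1)[-1]
    ext = last[last.rfind("."):] if "." in last else ""
    if ext not in SERVED_EXTENSIONS:
        return f"unsupported file type {ext}"
    return None


def scanner_report(lines):
    """Per-source summary: probe count, time span, scanner families, and User-Agents seen."""
    report = defaultdict(lambda: {"probes": 0, "families": set(), "uas": set(), "first": None, "last": None})
    for entry in filter(None, map(parse, lines)):
        family = classify_path(entry["path"])
        if family is None:
            continue
        r = report[entry["ip"]]
        r["probes"] += 1
        r["families"].add(family)
        if entry["ua"]:
            r["uas"].add(entry["ua"])
        r["first"] = entry["ts"] if r["first"] is None else min(r["first"], entry["ts"])
        r["last"] = entry["ts"] if r["last"] is None else max(r["last"], entry["ts"])
    return dict(report)


if __name__ == "__main__":
    for ip, r in scanner_report(SAMPLE).items():
        print(f"{ip:16s} {r['probes']} probes {r['first']:%b %d %H:%M:%S}..{r['last']:%H:%M:%S} "
              f"{sorted(r['families'])} ua={sorted(r['uas'])}")
```

Plain requests for "/" (the 194.72.238.x entries above) and the /sumthin request are not flagged by path alone. Catching the first kind needs the Host header, which this log format does not carry: log %{Host}i in Apache or the cs-host field in IIS W3C logging if you want to separate requests made to the bare IP from requests made to one of your domain names.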

Sunday, October 01, 2006

Invalid SSL Certificate Accessing Hosting Company Admin Web Site

Today I was trying to access the admin console for DataPipe (a managed server I work on) and could not reach the site via HTTPS in Mozilla. It keeps timing out. Interestingly enough, accessing it via HTTP in Mozilla, or via HTTPS in IE, worked correctly.

The weird thing, though, is that one time when I tried to access it via HTTPS in Mozilla I got an error saying the SSL certificate's domain name did not match the domain name I was trying to access. When I took a look at the certificate details it was a ChoicePoint SSL certificate. I am not sure, but I think it was secure.choicepoint.net.

Interestingly, choicepoint.net is in Atlanta, which was probably the most major source of hacking I saw while on my previous hosting provider's network. Could be a coincidence. Coincidences and random Internet connections abound. (A name mismatch like this is also exactly what a browser shows when a hosting provider serves several customers' HTTPS sites from one shared IP address: without SNI a server can present only one certificate per IP, so a request to the wrong virtual host gets another customer's certificate.)

I went to read about choicepoint on the net and found this: choicepoint

Related?