Working away and suddenly a whole bunch of hits on my server from bots around the world leads me to suspect that these IPs are somehow working together in a coordinated attack of some kind.
Could be coincidental but just saw a whole bunch of hits in a short time period. I have been working all day and not been seeing this. These hits are from the usual suspects - Germany, Taiwan, etc.
And coincidentally - I just made a significant update to my web server. Seems as though they are monitoring changes.
Trends from the trenches of Internet traffic. Hackers, spammers and Internet abuse. IP address database. DNS sightings. Views and opinions expressed are my own. ~ Teri Radichel @teriradichel
Saturday, November 25, 2006
Tuesday, November 21, 2006
Sites with XSS Flaws
Here's a forum thread listing sites with XSS flaws. Verify for yourself, if you can stand the terrible language and tangents.
Sites with XSS Flaws
I accidentally found an XSS flaw on my bank's web site recently. They were trying to prevent it by using a JavaScript pop up box. Helllloooo. Who doesn't know you can turn off JavaScript these days? A bank for goodness sakes...my money at stake.
It is a small credit union. Needless to say I am in the process of changing banks.
Saturday, November 18, 2006
Root Kits
Here's a site that lists rootkits and seems to have a bunch of hackers posting information about using them:
http://66.102.7.104/search?q=cache:BIB2gaxTOGUJ:www.rootkit.com/board.php%3Fdid%3Dedge0%26closed%3D1%26lastx%3D15+windows+defender+login&hl=en&gl=us&ct=clnk&cd=9
Sunday, November 12, 2006
Process Monitor: What is that process doing?
Microsoft took over sysinternals.com, as mentioned, and in doing so is replacing Regmon and Filemon with the Sysinternals Process Monitor.
Process Monitor
This looks to be the information I have been requesting for months in my pleas for help finding out what is causing problems on a machine in past articles (of course I am just one of the many...). I haven't tried it yet, but if it lives up to the description it could be very useful if and when you suspect hacking on a machine: to verify and validate every process and user and what they have been up to.
Friday, November 10, 2006
Windows Security Utilities
Here are some utilities that can be used to explore what is running on your machine:
Security Utilities
Microsoft has purchased the site formerly known as Sysinternals.com, which was a good source of utilities, probably used by hackers and legitimate security professionals alike.
Wednesday, November 08, 2006
Kernel bugs & vulnerabilities
Which OS has the most hacks -- and the most alarming hacks or bugs?
This month that topic is being explored by some developers on this web site with contributions accepted from other developers around the world:
Kernel Bugs
The scariest one to me so far is the GDI bug on Windows that allows escalation of privileges to take over a machine. Not good, and no fix available yet, supposedly.
Also interesting are the tools used to find these bugs. Aren't the developers building this software familiar with and testing their software with these tools for such a critical piece of functionality such as an operating system kernel?
Yeah, I might not be using them for my code, but I don't have the whole world relying on the security of my software as these vendors do.
Tuesday, November 07, 2006
Site Rippers
There are many reasons why someone may want to "rip" a site but in my opinion, it should be illegal. Things are copyrighted and available online. If you need them offline you should have to request permission from the site owner.
I would guess most people are site ripping for the purpose of reverse engineering a site, either to compete for SEO rankings or to try to find a way to hack the site. For instance, they can rip the site, run tests against it without hitting your web logs, and then run the program they have developed to do whatever to your web site undetected, so it looks like normal traffic in your web logs.
Some site rippers are obvious - like looking in the request headers and finding the user agent. Others are more sly, doing things to cover their tracks and appear as if they were a "normal" user.
What to do about site ripping? Good question. First block the blatant ones. Second, look for traffic anomalies that don't appear to be "normal" users clicking through a site at normal speed. Finally, frequent site changes can help ensure someone has not written a program to walk through your pages and do something malicious. You can "break" their code by finding ways to change your pages frequently.
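As an added example (not code from the original post), here is the "block the blatant ones, then look for clicking faster than a human" approach from the steps above, plus the "many IPs at once" pattern from the post at the top of the page, applied to constructed Apache combined-format access log lines. The User-Agent substring list, the thresholds and the sample lines are all assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" format; only the fields the checks need are captured.
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')
# Assumed list of User-Agent substrings that offline copiers announce themselves with.
RIPPER_UA = ("httrack", "webcopier", "offline explorer", "wget")

def parse(lines):
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:  # lines in another format are skipped rather than aborting the scan
            ts = datetime.strptime(m["ts"].split()[0], "%d/%b/%Y:%H:%M:%S")
            events.append({"ip": m["ip"], "ts": ts, "ua": m["ua"]})
    return events

def flag_known_rippers(events):
    """The blatant case: the tool names itself in the User-Agent header."""
    return sorted({e["ip"] for e in events if any(k in e["ua"].lower() for k in RIPPER_UA)})

def flag_fast_clients(events, max_hits=5, window_s=10):
    """IPs with more than max_hits requests inside any window_s-second span."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e["ts"])
    flagged = []
    for ip, times in by_ip.items():
        times.sort()
        if any((times[i + max_hits] - times[i]).total_seconds() <= window_s
               for i in range(len(times) - max_hits)):
            flagged.append(ip)
    return sorted(flagged)

def first_burst(events, min_ips=4, window_s=60):
    """Earliest window with at least min_ips distinct IPs (many bots at once), else None."""
    events = sorted(events, key=lambda e: e["ts"])
    for i, e in enumerate(events):
        ips = {x["ip"] for x in events[i:] if (x["ts"] - e["ts"]).total_seconds() <= window_s}
        if len(ips) >= min_ips:
            return e["ts"], sorted(ips)
    return None

# Constructed sample: a copier announcing itself, two ordinary visitors, and one
# client with a browser User-Agent fetching a page every second.
SAMPLE = [
    '10.0.0.1 - - [25/Nov/2006:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.2 - - [25/Nov/2006:10:00:05 +0000] "GET /a HTTP/1.1" 200 512 "-" "HTTrack 3.0"',
    '10.0.0.4 - - [25/Nov/2006:10:00:30 +0000] "GET /b HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
] + [f'10.0.0.3 - - [25/Nov/2006:10:00:{s:02d} +0000] "GET /p{s} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'
     for s in range(10, 16)]
```

Run `parse(SAMPLE)` through the three checks: the copier is caught by its header, the one-page-per-second client by rate alone, and all four IPs together trip the burst check.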