Unkillable zombie blog

This blog just won't die

Dec 11, 2009

Hi5 security issues.

One of my servers had a lot of traffic due to image hotlinkers (they are now being served Goatse) and while examining the logs I noticed an unusual referer from hi5. It had GET variables like loginToken, loginid and reviewCommentLink. I thought that was a little strange and wondered: could it be?

One click later I was logged in as some Mexican guy.

I never liked Hi5, but I can't deny it's one of the big social networking sites. Using information in links that can log someone in without any validation (or, at least, without expiring them upon first use) is a serious mistake. It's not a mistake I would expect from the likes of Hi5.
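The "expiring them upon first use" fix above can be made concrete. The following is an added example, not code from Hi5 or from this blog: a login-link token that is HMAC-signed, bound to a user, time-limited, and spent on first redemption, so a copy that later turns up in somebody's referer log is worthless. The secret key, the TTL, the in-memory stores and the colon-separated token layout are all assumptions of the example.

```python
import hashlib
import hmac
import secrets
import time

# Assumed server-side secret; a real deployment loads it from a secrets store.
SECRET_KEY = b"constructed-example-key-not-for-production"
TOKEN_TTL_SECONDS = 600

# In-memory stores for the example; a real deployment uses a database with a unique index on nonce.
_issued = {}        # nonce -> (user_id, expires_at)
_consumed = set()   # nonces that have already been redeemed


def issue_login_token(user_id, now=None):
    """Create a signed, single-use token bound to user_id (assumed colon-free) that expires after TTL."""
    now = time.time() if now is None else now
    nonce = secrets.token_urlsafe(16)
    expires_at = int(now) + TOKEN_TTL_SECONDS
    payload = f"{user_id}:{nonce}:{expires_at}"
    sig = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()
    _issued[nonce] = (user_id, expires_at)
    return f"{payload}:{sig}"


def redeem_login_token(token, now=None):
    """Return user_id if the token is authentic, unexpired and unused; otherwise None."""
    now = time.time() if now is None else now
    parts = token.split(":")
    if len(parts) != 4:
        return None
    user_id, nonce, expires_str, sig = parts
    payload = f"{user_id}:{nonce}:{expires_str}"
    expected = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None                      # forged or tampered
    if nonce not in _issued or nonce in _consumed:
        return None                      # unknown, or already spent by an earlier click
    stored_user, expires_at = _issued[nonce]
    if stored_user != user_id or int(expires_str) != expires_at or now > expires_at:
        return None                      # binding mismatch or expired
    _consumed.add(nonce)                 # burn it: a second use (e.g. from a leaked referer) fails
    del _issued[nonce]
    return user_id


if __name__ == "__main__":
    t = issue_login_token("user42")
    print(redeem_login_token(t))         # the user id on first use
    print(redeem_login_token(t))         # None on the second
```

Single use only shrinks the window; the leak itself happens because the page the user lands on still carries the token in its URL, and the browser sends that URL as the Referer for every image it loads. The handler that redeems the token should therefore set the session cookie and immediately redirect to a token-free URL, so that nothing loaded afterwards carries the credential.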

I thought about reporting it, but after a Google search I came upon this blog post, which describes the same issue, and that guy has already reported it. So there's no point in reporting it again. They know and don't care. That post is from 2006.

This is really sad. This seems like a very exploitable hole. Host an image on your server that enough people will click (Keira Knightley is a great choice :p) and just wait until you get this kind of link in your referer log. It doesn't get any simpler. (The image on my server was probably used as a profile image for someone else.)
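Seen from the side of the server operator whose logs collect these links, the sensible response is to not keep the credentials at all. The following is an added example, not part of the original post: it parses combined-format access log lines, flags Referer URLs whose query string carries credential-looking parameter names, and rewrites the line with those values redacted so the log can be retained and the offending site reported. The sample log lines, the host names and the list of parameter-name markers are constructed for the example.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Substrings (matched case-insensitively) of parameter names that should never travel in a URL.
SENSITIVE_PARAM_MARKERS = ("token", "loginid", "password", "passwd", "session", "auth")

# Apache/nginx "combined" format: the Referer is the second-to-last quoted field.
COMBINED_RE = re.compile(r'^(?P<prefix>.*?) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$')

# Constructed sample lines; the first one mimics a login link leaking via the Referer header.
SAMPLE_LOG = [
    '203.0.113.7 - - [11/Dec/2009:10:01:02 +0000] "GET /img/pic.jpg HTTP/1.1" 200 5120 '
    '"http://social.example/profile?loginToken=abc123&loginid=4567" "Mozilla/5.0"',
    '203.0.113.8 - - [11/Dec/2009:10:01:03 +0000] "GET /img/pic.jpg HTTP/1.1" 200 5120 '
    '"http://search.example/?q=cats" "Mozilla/5.0"',
    '203.0.113.9 - - [11/Dec/2009:10:01:04 +0000] "GET /img/pic.jpg HTTP/1.1" 200 5120 '
    '"-" "Mozilla/5.0"',
]


def is_sensitive(name):
    return any(marker in name.lower() for marker in SENSITIVE_PARAM_MARKERS)


def redact_url(url):
    """Return (redacted_url, [flagged parameter names]); flagged values become REDACTED."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    flagged = [k for k, _ in pairs if is_sensitive(k)]
    cleaned = [(k, "REDACTED" if is_sensitive(k) else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(cleaned))), flagged


def scrub_log(lines):
    """Yield (line_to_keep, finding) per input line; finding is None when the Referer is harmless."""
    for line in lines:
        m = COMBINED_RE.match(line.rstrip("\n"))
        if not m or m.group("referer") in ("", "-"):
            yield line, None
            continue
        cleaned, flagged = redact_url(m.group("referer"))
        if not flagged:
            yield line, None
            continue
        finding = {"host": urlsplit(cleaned).netloc, "params": flagged}
        yield f'{m.group("prefix")} "{cleaned}" "{m.group("agent")}"', finding


if __name__ == "__main__":
    for kept, finding in scrub_log(SAMPLE_LOG):
        if finding:
            print(f"referer from {finding['host']} leaked {finding['params']}")
        print(kept)
```

Run it as a filter in front of the log writer rather than over files after the fact, so the secrets never reach disk; the findings list tells you which referring site to notify.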


Jun 07, 2007

Defense against ssh brute force attacks

I have the ssh daemon open on this server and accessible from the internet. I need it since I need to access my computer when I am away. Recently, however, I became the target of brute force attacks against sshd. I would block the offending IP using iptables, but this would only last a few hours until the next attacker (from a different IP, obviously).

I thought of Snort and the rules that exist to update iptables automatically, but a) that would be a lot of work to set up and b) Snort would bring my old computer to its knees (Pentium II with 64 MB of RAM).

Yesterday I came across DenyHosts, which is a Python program (yay!) that detects intrusion attempts and adds them to /etc/hosts.deny. It has a lot of nice features, it's easy to set up and quite effective. (Well... it's Python, what did you expect?)

Seems quite cool, and it doesn't need Snort and plugins and hours and hours of configuration and reading.
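The core of what such a tool does is small enough to show. The following is an added example written for this post, not DenyHosts' own code: it counts "Failed password" lines from an OpenSSH auth log per source IP, applies a threshold and an allow-list, and renders tcp_wrappers lines of the `sshd: <ip>` form that go into /etc/hosts.deny. The log lines, the addresses, the threshold and the allow-list parameter are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample auth.log excerpt in the OpenSSH syslog format; not real traffic.
SAMPLE_AUTH_LOG = """\
Jun  7 03:12:01 box sshd[2201]: Failed password for invalid user admin from 198.51.100.23 port 40122 ssh2
Jun  7 03:12:03 box sshd[2203]: Failed password for invalid user oracle from 198.51.100.23 port 40130 ssh2
Jun  7 03:12:05 box sshd[2205]: Failed password for root from 198.51.100.23 port 40141 ssh2
Jun  7 03:12:07 box sshd[2207]: Failed password for invalid user test from 198.51.100.23 port 40150 ssh2
Jun  7 03:15:44 box sshd[2250]: Failed password for alice from 192.0.2.10 port 51002 ssh2
Jun  7 03:15:50 box sshd[2252]: Accepted publickey for alice from 192.0.2.10 port 51003 ssh2
"""

# Matches both "Failed password for <user>" and "Failed password for invalid user <user>".
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def count_failures(log_text):
    """Count failed-password attempts per source IP; successful logins are ignored."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts


def offenders(log_text, threshold=3, allow=()):
    """Sorted IPs with at least `threshold` failures, minus the allow-listed ones (e.g. your own home IP)."""
    counts = count_failures(log_text)
    return sorted(ip for ip, n in counts.items() if n >= threshold and ip not in allow)


def hosts_deny_entries(ips):
    """Render the tcp_wrappers lines that block sshd for the given IPs."""
    return [f"sshd: {ip}" for ip in ips]


if __name__ == "__main__":
    for entry in hosts_deny_entries(offenders(SAMPLE_AUTH_LOG)):
        print(entry)   # append these to /etc/hosts.deny
```

The allow-list matters: one typo-ridden login session from your own address must not lock you out of the box you administer remotely. Note that OpenSSH dropped tcp_wrappers support in release 6.7, so on a current system the same counting logic would feed a firewall rule (the iptables approach mentioned above) instead of hosts.deny.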