02.23.10

Security? That’s for pussy!

Seriously. SECURITY IS IMPORTANT! And it starts with what you put on your server.

Take this output:

Trying "www.***.ca"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1812
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;www.***.ca.			IN	ANY
;; ANSWER SECTION:

www.***.ca.		3006	IN	A	*.*.*.235
;; AUTHORITY SECTION:

***.ca.		3006	IN	NS	ns1.***.com.
***.ca.		3006	IN	NS	ns2.***.com.
***.ca.		3006	IN	NS	ns.***.com.
;; ADDITIONAL SECTION:
ns.***.com.	132017	IN	A	*.*.*.55
ns1.***.com.	131340	IN	A	*.*.*.7
ns2.***.com.	131340	IN	A	*.*.*.235
Received 171 bytes from 192.168.7.235#53 in 12 ms

At first you don’t see anything wrong, right? Right? Take a look again: www.***.ca and ns2.***.com both resolve to *.*.*.235. The web server is on the same machine as the nameserver?

Wait… something doesn’t sound right?

Now you might be thinking: “They have a firewall, they are doing NAT/PAT and redirecting ports 53/80 to another machine inside their network.”

It IS possible (and I damn hope it is), but so far the support we have had and their level of professionalism haven’t been great. I wouldn’t be surprised if it’s on the same machine. Not only that, but their installed packages are OLD! They run MySQL 4, PHP 4, etc. There are probably dozens of exploits you could run. Someone could hack it and do some domain name server poisoning. Scary.

Sad. Very sad.
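To run the same check over a whole list of lookups instead of eyeballing each one, here is a small Python sketch (added as an illustration, not something from the hosting company or from my original notes). The zone example.ca, the nameserver names and the 192.0.2.x addresses are constructed placeholders, and the function names are made up for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the same layout as the output above; names and
# addresses are placeholders (example.* and the 192.0.2.0/24 documentation range).
SAMPLE = """\
;; ANSWER SECTION:
www.example.ca.     3006    IN  A   192.0.2.235
;; AUTHORITY SECTION:
example.ca.         3006    IN  NS  ns1.example.com.
example.ca.         3006    IN  NS  ns2.example.com.
example.ca.         3006    IN  NS  ns.example.com.
;; ADDITIONAL SECTION:
ns.example.com.     132017  IN  A   192.0.2.55
ns1.example.com.    131340  IN  A   192.0.2.7
ns2.example.com.    131340  IN  A   192.0.2.235
"""

# owner, TTL, class IN, type, rdata (only the record types this check needs)
RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(A|AAAA|NS)\s+(\S+)$")

def parse_records(text):
    """Return (owner, type, rdata) tuples, skipping comment and status lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = RR.match(line)
        if m:
            owner, _ttl, rtype, rdata = m.groups()
            records.append((owner.lower().rstrip("."), rtype, rdata.lower().rstrip(".")))
    return records

def shared_with_nameservers(text):
    """Map each IP to (nameservers, other hosts) when both resolve to it."""
    records = parse_records(text)
    nameservers = {rdata for _, rtype, rdata in records if rtype == "NS"}
    by_ip = defaultdict(set)
    for owner, rtype, rdata in records:
        if rtype in ("A", "AAAA"):
            by_ip[rdata].add(owner)
    findings = {}
    for ip, hosts in by_ip.items():
        ns_here, others = hosts & nameservers, hosts - nameservers
        if ns_here and others:
            findings[ip] = (sorted(ns_here), sorted(others))
    return findings

if __name__ == "__main__":
    for ip, (ns, others) in shared_with_nameservers(SAMPLE).items():
        print(f"{ip}: nameserver(s) {ns} share an address with {others}")
```

A hit only says the two names share a public address. As noted above, NAT/PAT could still be sending ports 53 and 80 to different machines, so treat it as a question to ask the provider.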

Also, if you look at the whois entry for ***.ca you will notice that it is outside of CIRA regulation (missing contact info).

Domain name:           ***.ca
Domain status:         EXIST
Approval date:         2008/04/23
Renewal date:          2013/04/23
Updated date:          2008/04/24

Registrar:
    Name:              Tucows.com Co.
    Number:            156

Name servers:
    ns2.***.com
    ns.***.com
    ns1.***.com

% WHOIS look-up made at 2010-02-23 21:25:21 (GMT)
%
% Use of CIRA's WHOIS service is governed by the Terms of Use in its Legal
% Notice, available at http://www.cira.ca/legal-notice/?lang=en
%
% (c) 2007 Canadian Internet Registration Authority, (http://www.cira.ca/)

Also, http://***.ca doesn’t work because there is no A record for it in the DNS.

Note: sorry for the censorship but we still are in business with them.
