September 14th, 2005
Word to the Wise: If you run a dedicated web server for multiple people and web sites - make sure none of the sudo-capable accounts use a dictionary-based password. Ever. With that in mind, the past few days have been a complete mess. Luckily, all the data and files were saved from my various web sites (this one included) - and no data was lost or stolen. I forgot to copy a couple .htaccess files during the transfer, so I'm working on rebuilding them from memory. Regardless, everything should be 'ok' with this web site now, all the bugs seem to have been cleared away. I still have a couple web sites that need to come up (ideashrub, and some new, unmentioned, projects included) due to the fact that they need some additional TLC. Sorry for all of the mess.
To make up for it, I'm planning on releasing a project every day for the next couple days. I've been playing with some new technologies and I really want the chance to show all my work off.
Tags: server, blogs, hacking
February 21st, 2005
This is, by far, one of the sneakiest phishing attempts that I've received, to date:
http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl=http%3A%2F%2F%32%30%33%2E%32%33%34%2E%32%35%2E%31%39%30%2FUpdateCenter%2FLogin%2F%3FMfcISAPISession%3DAAJbaQqzeHAAeMWZlHhlWXS2AlBXVShqAhQRfhgTDrferHCURstpAisNRqAhQfgfhgTDrferHCURstpAisNfgpAisNRqAhQRfhgTDrferHCUQRfqzeHAfdeMWZlHhlWXh
If you'll notice, the URL does appear to actually be at ebay.com (which it is); however, they're using a hidden command in this particular DLL (`MfcISAPICommand=RedirectToDomain`, with the destination passed percent-encoded in `DomainUrl`) to redirect the user to their own, personal, phishing page. This is very sneaky; Gmail didn't even catch it.
This attempt knocks out the particular email that I received with the entire contents represented as an image (so it looked completely legit) and a link sending the user to their phish page. These malicious hackers are just getting worse and worse. I really feel sorry for the average Internet user having to deal with this.
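The redirect trick described above can be checked for mechanically. The following is an added example, not code from the original post: it decodes each query parameter of a link and flags any that carries a URL pointing off-site, to a bare IP address, or written with characters that were percent-encoded for no reason. The function names and the sample URLs (example.com and the documentation address 203.0.113.7) are constructed for illustration.

```python
import ipaddress
import re
import string
from urllib.parse import unquote, urlsplit

UNRESERVED = set(string.ascii_letters + string.digits + "-._~")

def needless_escapes(raw):
    """Percent-escapes of characters that never need encoding (RFC 3986 unreserved)."""
    return [e for e in re.findall(r"%[0-9A-Fa-f]{2}", raw)
            if chr(int(e[1:], 16)) in UNRESERVED]

def inspect_redirects(url):
    """Flag query parameters that carry an absolute URL to somewhere suspicious."""
    outer = urlsplit(url)
    findings = []
    for pair in outer.query.split("&"):
        name, sep, raw = pair.partition("=")
        target = urlsplit(unquote(raw))
        if not sep or target.scheme not in ("http", "https") or not target.hostname:
            continue  # parameter does not carry a web URL
        reasons = []
        # Simplification: exact host comparison, not registrable-domain matching.
        if target.hostname != outer.hostname:
            reasons.append("off-site target")
        try:
            ipaddress.ip_address(target.hostname)
            reasons.append("IP-literal host")
        except ValueError:
            pass
        if needless_escapes(raw):
            reasons.append("needlessly encoded characters")
        if reasons:
            findings.append({"param": name, "host": target.hostname, "reasons": reasons})
    return findings

# Constructed samples: example.com and 203.0.113.7 (a documentation address)
SUSPICIOUS = ("http://cgi4.example.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain"
              "&DomainUrl=http%3A%2F%2F%32%30%33%2E%30%2E%31%31%33%2E%37%2FUpdateCenter%2FLogin%2F")
BENIGN = "http://cgi4.example.com/ws/page?next=http%3A%2F%2Fcgi4.example.com%2Fhome"

if __name__ == "__main__":
    for sample in (SUSPICIOUS, BENIGN):
        print(inspect_redirects(sample))
```

The same checks work on the server side: a redirect endpoint that only accepts destinations on its own allow-list would not produce any of these findings.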
Tags: hacking, phishing, spam