[Novalug] [OT] Google group security problem
JRR
energy.wwind at cox.net
Mon Jan 26 14:41:26 EST 2009
JRR John Ross wrote;
Could you write a routine that would search for the gmail user and scan the posts
against a list of 'bad character' words and take a decision to block that ID??
Or will they just go to another Uname?
Bonnie Dalzell wrote:
> On Mon, 26 Jan 2009, Joseph Brinkley wrote:
>
> JB >JRR? What??
> JB >
> JB >Bonnie, It may have been some vulnerable code that allowed for XSS. Also
> JB >double check ALLLLL group settings there might be one check box missing.
> JB >
>
>
> I did when I found the replacement page. New members are monitored; you
> have to apply to be a member. Once a member you can post and upload pages
> and pictures. All applications are mailed to me and I am the only manager.
>
> From an HTML coding point of view the invasion was cleverly done. Links in
> the unauthorized page were iframes displaying content from a different
> site, and all the images were hotlinked from a site that I presume
> is a repository of porn pictures. Quite a variety.
>
> After I got over the feeling of being hacked I looked through the code
> for the unauthorized page and found that it was still at my site - I
> had only deleted it as the current version displayed, in my first
> reaction to the thing.
>
> So I saved a copy locally for the checking I wanted to do and got rid of
> it from the file drawer at my google site. I did file a complaint with
> google through their complaint department, but if they want to see the
> page itself they will have to pull it out of their backup or let me
> e-mail it to them.
>
> One thing I discovered.
>
> The cracker was logged in as ackersg2055... when the page was changed. I
> went to the google search engine and googled that string. I got a
> reference to a google e-mail account: ackersg2055 at gmail.com. I went and
> looked at the profile for that user. The google profiles show all
> the posts the user has posted.
>
> There were 133 posts in the profile, including the one to my site.
>
> All of the posts had suggestive titles. The one for the page on my site
> was "unconscious-coed-assaulted-by-pervert". Not just fun porn in my
> opinion.
>
>
> JB >On Sat, Jan 24, 2009 at 8:54 PM, JRR <energy.wwind at cox.net> wrote:
> JB >
> JB >> JRR wrote;
> JB >>
> JB >> I don't own any Google , G groups,or G spots (on G Earth) :-) but
> JB >> I'd like a Google Earth
> JB >> where I could request a refresh of a particular nine-digit zip
> JB >> code............
> JB >>
> JB >> Bonnie Dalzell wrote:
> JB >> > I have a couple of google groups. One of them is a group where members
> JB >> > need to be approved by me. It is world viewable. Only members can post.
> JB >> >
> JB >> > Today I went to approve a new member application and found a web ad for a
> JB >> > pornography site had replaced my introductory page to the group.
> JB >> >
> JB >> > Also I had a few recent members that I had not approved to join. I have
> JB >> > marked them as not being able to post and I deleted the pornography ad.
> JB >> >
> JB >> > Actually it is not that I am especially touchy about pornography, I
> JB >> > would be distressed if any ad with links replaced my
> JB >> > introductory page.
> JB >> >
> JB >> > My other groups seem to be untouched.
> JB >> >
> JB >> > I am wondering if anyone else on this list has had a similar problem with
> JB >> > a google group they own.
> JB >> >
> JB >> >
> JB >> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> JB >> > Bonnie Dalzell, MA
> JB >> > mail: 5100 Hydes Rd PO Box 60, Hydes, MD, USA 21082-0060 | EMAIL: bdalzell at qis.net
> JB >> >
> JB >> > freelance anatomist, vertebrate paleontologist, writer, illustrator, dog
> JB >> > breeder, computer nerd & iconoclast... Borzoi info at www.borzois.com.
> JB >> > Editor Net.Pet Online Animal Magazine - http://www.netpetmagazine.com
> JB >> > HOME http://www.qis.net/~borzoi/ BUSINESS http://www.batw.com
> JB >> >
> JB >> > _______________________________________________
> JB >> > Novalug mailing list
> JB >> > Novalug at calypso.tux.org
> JB >> > http://calypso.tux.org/cgi-bin/mailman/listinfo/novalug
> JB >> >
> JB >> >
> JB >> >
> JB >>
> JB >>
> JB >
> JB >
> JB >
> JB >--
> JB >
> JB >
> JB >--Joseph Brinkley
> JB >
>
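The routine JRR asks about, sketched as an added example that is not part of the thread and not anything Google Groups provides. It is a moderator-side scan: each of a member's posts is checked against a keyword list and, reflecting what Bonnie found on her page, for iframes and images whose source is a host other than the group's own, and a per-user decision ("allow", "review", "block") is derived from how many posts were flagged. The posts, user names, hosts and keyword list below are constructed placeholders; a real deployment would feed it the posts pulled from the user's profile. Because the decision keys on post content rather than on the user name, a spammer who moves to a new account is caught again by the same rule, which is the practical answer to "will they just go to another Uname".

```python
"""Moderation scan for group posts: keyword list plus embedded-content checks.

Added example; the data below is constructed and the post format is assumed.
"""
import re
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample data: the group's own host, a short keyword list and a
# handful of posts as a moderator might pull them from members' profiles.
GROUP_HOST = "groups.example.com"
BLOCKLIST = ["casino", "pills", "porn"]

SAMPLE_POSTS = [
    {"user": "suspect-example", "title": "cheap-pills-online",
     "html": '<p>click <iframe src="http://ads.example.net/x"></iframe>'
             '<img src="http://pics.example.org/a.jpg"></p>'},
    {"user": "suspect-example", "title": "best-casino-bonus",
     "html": '<a href="http://ads.example.net/y">here</a>'},
    {"user": "member-example", "title": "borzoi show results",
     "html": '<p>Photos: <img src="http://groups.example.com/files/show.jpg"></p>'},
    {"user": "member-example", "title": "meeting notes",
     "html": "<p>Minutes attached.</p>"},
]


class EmbedCollector(HTMLParser):
    """Collect the src attribute of every iframe and img in an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.iframes, self.images = [], []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if not src:
            return
        if tag == "iframe":
            self.iframes.append(src)
        elif tag == "img":
            self.images.append(src)


def external_sources(urls, group_host):
    """Return the URLs whose host is not the group's own host."""
    return [u for u in urls if (urlparse(u).hostname or "") != group_host]


def scan_post(post, blocklist=BLOCKLIST, group_host=GROUP_HOST):
    """Return the reasons a post looks suspicious; an empty list means clean."""
    reasons = []
    # Whole-word, case-insensitive match so hyphen-joined titles still hit.
    for word in blocklist:
        if re.search(r"\b" + re.escape(word) + r"\b", post["title"], re.IGNORECASE):
            reasons.append(f"keyword:{word}")
    collector = EmbedCollector()
    collector.feed(post["html"])
    if external_sources(collector.iframes, group_host):
        reasons.append("external-iframe")
    if external_sources(collector.images, group_host):
        reasons.append("hotlinked-image")
    return reasons


def decide(posts, threshold=2, **scan_kwargs):
    """Per user: 'block' if flagged posts >= threshold, 'review' if any, else 'allow'."""
    flagged = Counter()
    seen = set()
    for post in posts:
        seen.add(post["user"])
        if scan_post(post, **scan_kwargs):
            flagged[post["user"]] += 1
    decisions = {}
    for user in seen:
        n = flagged[user]
        decisions[user] = "block" if n >= threshold else ("review" if n else "allow")
    return decisions


if __name__ == "__main__":
    for post in SAMPLE_POSTS:
        print(post["user"], post["title"], scan_post(post))
    print(decide(SAMPLE_POSTS))
```

The threshold keeps a single false positive from blocking a legitimate member outright; one hit sends the account to a human for review, as Bonnie did by hand when she read through the profile's posts. A keyword list is only a first filter, and the hotlink check depends on knowing which hosts the group legitimately serves content from.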