

OpenX Blog

Is There A Security Standard for Third Party Tags?

Tags: OpenX
by Scott Switzer on January 22nd, 2008

We were sorry to hear that the folks at Perl.com were hacked into last weekend and that their website visitors were redirected to a porn site. The method of attack highlights the risks associated with displaying third party content on your websites. This is something which all website owners should take a moment to consider.

After some analysis, it turned out that none of the servers involved were actually compromised. The hacker simply registered a domain (grepblogs.net) which had recently expired and set up a new server to replace the web services it was providing, including an Openads ad server.

Perl.com had a JavaScript ad tag from the grepblogs.net domain name. The hacker proceeded to change the function of the Openads JavaScript tag and redirect visitors to a different website.

I am confident that the people running Perl.com have taken every security precaution; their site is probably one of the more secure sites on the net. This type of hack demonstrates that while there was no compromise of the Perl.com servers, a compromise of a related server (or a domain takeover!) which serves content on the Perl.com site can be just as serious.

Note that the fact that this happened does not mean that either Perl.com OR Openads had any security vulnerability. It happened because sites now have lots of content being served by many different domains. For example, the content on the Techcrunch website is being delivered by over TWENTY domain names! If one of these domains gets hacked into, Techcrunch is at risk.

Is there a security standard for this type of web content delivery? There needs to be. Openads gets served on over 30,000 publishers, across 100,000+ domains. Many of those domains come from third parties.
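One practical first step for a publisher is to know which registrable domains are allowed to run script on your pages and whether each one's registration is still current. The following is an added example (not OpenX or Openads code): it extracts every external `<script src>` from a page, collapses the hosts to registrable domains other than your own, and grades each against a registration-expiry table; the page, domain names and dates are constructed.

```python
from datetime import date, timedelta
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptSrcCollector(HTMLParser):
    # Collect the src attribute of every <script> tag in a page.
    def __init__(self):
        super().__init__()
        self.srcs = []
    def handle_starttag(self, tag, attrs):
        if tag == "script" and dict(attrs).get("src"):
            self.srcs.append(dict(attrs)["src"])

def registrable_domain(host):
    # Simplified: last two labels; fine for .com/.net/.org, wrong for co.uk etc.
    return ".".join(host.lower().split(".")[-2:])

def third_party_script_domains(html, first_party_host):
    """Registrable domains, other than our own, that serve scripts into the page."""
    parser = ScriptSrcCollector()
    parser.feed(html)
    own = registrable_domain(first_party_host)
    found = set()
    for src in parser.srcs:
        host = urlparse(src).hostname  # None for a relative URL (served by us)
        if host and registrable_domain(host) != own:
            found.add(registrable_domain(host))
    return sorted(found)

def audit_script_domains(html, first_party_host, expiry_by_domain, today, warn_days=30):
    """Grade each third-party script domain; expiry_by_domain maps domain -> expiry date."""
    report = {}
    for domain in third_party_script_domains(html, first_party_host):
        expiry = expiry_by_domain.get(domain)
        if expiry is None:
            report[domain] = "unknown"  # not tracked at all: find out who owns it
        elif expiry < today:
            report[domain] = "expired"  # anyone can re-register it and serve their own JS
        elif expiry - today <= timedelta(days=warn_days):
            report[domain] = "expiring-soon"
        else:
            report[domain] = "ok"
    return report

# Constructed sample page and registration data (hypothetical domains).
SAMPLE_HTML = """<html><body>
<script src="/js/site.js"></script>
<script src="http://ads.example-adhost.net/delivery/tag.js"></script>
<script src="//stats.example-analytics.org/tracker.js"></script>
<script src="http://www.example-publisher.com/js/menu.js"></script>
</body></html>"""
SAMPLE_EXPIRY = {"example-adhost.net": date(2008, 1, 10)}  # lapsed, as grepblogs.net had
REPORT = audit_script_domains(SAMPLE_HTML, "www.example-publisher.com", SAMPLE_EXPIRY, date(2008, 1, 22))
```

Feed it your real pages and a registrar export in place of the constructed values; an "expired" or "unknown" entry is a domain whose content you are trusting without knowing who controls it.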

This is not a problem specific to ad servers. Widget makers, analytics providers, and many other applications which use third party tags or domains are equally vulnerable. We all need to get together and discuss how problems like what happened to Perl.com can be eliminated, or at least minimised.

I will discuss with some other people who have experience in the field and send a follow up blog to continue this discussion.

5 Comments »

  1. [...] their blog, they detail the travails of one website which ran into trouble as it used services from another, [...]

    Pingback by roddy.ie » OpenAds pose a good question — January 27, 2008 @ 3:49 pm

  2. [...] at OpenAds describes how a lapsed ad server domain registration led to security problems for an unrelated site that was running its ads. The site called the ad server, expecting an ad, and got back JavaScript that redirected the [...]

    Pingback by yardley.ca / dash » Security & ad serving — January 28, 2008 @ 4:40 pm

  3. Damn, it's so strange sometimes how hackers can control a server. You think you got it all protected, but at the end you always forget something. Hope there will be a 100% cure for it one day…

    Comment by hypotheek — February 2, 2008 @ 8:47 pm

  4. [...] OOPS! Seems Yahoo forgot to renew it’s security certificates. Do you have a process in place to secure to ensure your domain names and associated security certificates are always up to date? How about 3rd party monitoring of your service? Now this little warning is a nuisance compared to what happened to perl.com when a domain that was used for serving on the site was registered by a hacker. [...]

    Pingback by Mike On Ads » Blog Archive » Are your certificates & domains up to date? — July 8, 2008 @ 12:02 am

  5. Twitter feed I received an announcement from TechCrunch saying that Pownce is now open to subscription, after a closed testing period.

    Comment by BadGirl50 — October 22, 2009 @ 4:32 pm
