Domain Spam Email

I own a few domains and recently received an email telling me that a similar domain to one that I own will be listed for sale. I checked the status of the domain and it shows that it’s currently in PENDING DELETE status, meaning it will become available to the public within a few days. This is actually a smart little tactic this spammer is employing. They are trying to gauge the value and interest level of a domain to determine whether or not it’s worth it to them to register right as it becomes available.

Priority Domain Availability Notice for ****************.com:

In the next few days, ****************.com will be listed for sale. Since you have a similar domain name, I thought you might be interested in acquiring ****************.com.

You can confirm your interest in the domain ****************.com by filling out the form here: ****************

After I receive a confirmation that you are interested in the domain ****************.com, I will be in touch with you promptly to make arrangements.

I look forward to hearing back from you.

Sincerely,
Arthur Simmons
InTrust Domains

The takeaway from this email is to check things out for yourself before just accepting the fact. Owning the domain referenced in the email may be nice, but had I clicked on the link, InTrust Domains probably would have registered the domain since I showed some sort of interest by following through on their email. I’ll check in a few days to see if the domain is available. It’s not worth too much so I’m not too concerned, but I am quite curious about the outcome.

CHMOD 777 = BAD

One of my clients that I just started doing work for was complaining about images not showing up on his site recently. I checked it out and what happened was the folder had a .htaccess file created there that restricted everyone but a few IPs. I thought that was kind of odd. I poked around more and saw that 3 PHP scripts were somehow uploaded into the folder that wrote the .htaccess file. The scripts were pretty creative and encrypted everything using hexadecimals along with a key. Fortunately, the key they used was the user agent, so I did a quick grep of the server logs, saw what user agent was being used to call the script, and decoded the script.

It turns out that the scripts were basically DDOS scripts that could be triggered remotely based on parameters being sent in when calling the script.
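The log check described above can be made repeatable. This is an added example, not code from the original post: it parses Apache combined-format lines and reports every PHP file requested under a static-content directory together with the client IP and user agent that called it. The `/images/` prefix, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache "combined" log format (not from the post).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2012:10:01:02 +0000] "GET /images/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1)"
198.51.100.23 - - [12/Mar/2012:10:05:41 +0000] "POST /images/thumb.php HTTP/1.1" 200 17 "-" "example-agent/1.0"
198.51.100.23 - - [12/Mar/2012:10:05:49 +0000] "POST /images/cache.php?t=1 HTTP/1.1" 200 17 "-" "example-agent/1.0"
203.0.113.7 - - [12/Mar/2012:10:06:10 +0000] "GET /index.php HTTP/1.1" 200 8042 "-" "Mozilla/5.0 (Windows NT 6.1)"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)


def scripts_in_static_dirs(log_text, static_prefixes=("/images/",)):
    """Map each PHP path requested under a static-content prefix to the
    set of (client IP, user agent) pairs that requested it."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        path = m.group("path").split("?", 1)[0]  # drop the query string
        if path.startswith(static_prefixes) and path.lower().endswith(".php"):
            hits[path].add((m.group("ip"), m.group("agent")))
    return dict(hits)


if __name__ == "__main__":
    for path, callers in sorted(scripts_in_static_dirs(SAMPLE_LOG).items()):
        for ip, agent in sorted(callers):
            print(f"{path}  ip={ip}  user-agent={agent!r}")
```

Any hit is worth a look, since a directory that should only serve images has no reason to execute PHP.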

Next step after getting rid of those and reading the code was trying to figure out how the scripts got in there in the first place. I didn’t have to look too far and saw that the folder was CHMOD 777. Obviously if a hacker wants to get in, they will find a way in, but CHMOD 777 is almost inviting them in with milk and cookies. I haven’t found out how the file was uploaded, but it’s possible they used a hole since the site was using an outdated open source software solution.

Moral of the story, don’t CHMOD 777 your folders when you don’t need to.
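A quick way to find this condition before someone else does, as an added example that is not from the original post: walk a web root, list directories that are world-writable (the "other" write bit that 777 sets), and flag any PHP script or .htaccess file sitting inside them. The function names, the extension list and the demo tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Assumed list of extensions the web server would execute as PHP.
SCRIPT_EXTS = (".php", ".phtml", ".php5")


def audit_webroot(root):
    """Return (world_writable_dirs, suspicious_files) as sorted paths
    relative to root. A file is suspicious when it is a script or an
    .htaccess file located inside a world-writable directory."""
    writable, suspicious = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        mode = os.lstat(dirpath).st_mode
        if not mode & stat.S_IWOTH:  # "other" write bit not set
            continue
        writable.append(os.path.relpath(dirpath, root))
        for name in filenames:
            if name == ".htaccess" or name.lower().endswith(SCRIPT_EXTS):
                full = os.path.join(dirpath, name)
                suspicious.append(os.path.relpath(full, root))
    return sorted(writable), sorted(suspicious)


def build_demo_tree():
    """Create a constructed sample web root with one 777 image folder."""
    root = tempfile.mkdtemp(prefix="webroot-")
    images = os.path.join(root, "images")
    os.mkdir(images)
    for rel in ("index.php", "images/logo.png",
                "images/thumb.php", "images/.htaccess"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("constructed sample\n")
    os.chmod(root, 0o755)
    os.chmod(images, 0o777)  # the misconfiguration from the post
    return root


if __name__ == "__main__":
    dirs, files = audit_webroot(build_demo_tree())
    print("world-writable directories:", dirs)
    print("scripts/.htaccess inside them:", files)
```

Once the folder is set back to 755 the same audit returns nothing, which makes it usable as a periodic check.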

Chase Debit Card Stolen

I got a phone call today from Chase regarding suspicious activity on my business debit card. After a few minutes, I had learned that somehow my card was stolen along with my ATM PIN, and that there had been 5 withdrawals of $500 from today and yesterday from various locations throughout California. I was worried that I would not see that money again but Chase immediately told me that I would get my money back after filing a claim.

The strange thing is that I never use my ATM card for anything outside of depositing checks from 2 or 3 Chase ATMs in my area. I actually drove back to one of the ATMs and was looking around for a skimming device but didn’t notice anything out of the ordinary.

Back to the story, I was asked if I had access to an email to get access to a claim form. I gave them my email and was sent two emails within a few minutes with my login info. I opened up the 2nd email, which had my username with a subject of “Your Chase Customer Claims Secure Document Exchange Electronic Package is available online”, and clicked on the link, which took me to https://sdx.chase.com/consumerdcx-chase_atm.

I set up my account and then logged in. I saw a message waiting to be read, clicked it and got the following message:

Sorry

A system error has occurred. Please try again, but if you continue to see this message then contact the system administrator.

I tried a number of basic troubleshooting strategies such as clearing cookies, closing the browser, using Chrome, Firefox and IE on Windows, switching to my Mac laptop, trying Chrome and Firefox there, then loading up VM Fusion with a Windows XP instance. I kept getting the same screen. I even viewed the source of the page, and tried going directly to the URL the JavaScript function was supposed to take me to.

https://sdx.chase.com/consumerdcx-chase_atm/messages/MessageDetail?action=1&msgId=XXXXXXXX-true&listType=6&urlPrefix=http://sdx.chase.com/consumerdcx-chase_atm

No luck. I thought, maybe I’m just an idiot, why don’t I just call tech support. Of course, they told me to clear my cookies and reboot my computer. When has that seriously worked when there was an issue with a website?

I wonder that I can’t be the only one out there having the same issue. I eventually called Chase back and had them fax me the form.

First Blog Post

Finally starting my first blog. Hopefully I’ll manage to keep it updated with content.  I’ll be posting anything geek related, mostly from my programming adventures ranging from iPhone, Ruby on Rails, PHP, MySQL, etc…