Phishers are leveraging temporary URLs for attacks, security firm warns

It’s a great convenience  for Web designers to be able to test pages before they go live through a temporary Web page. However, researchers at Securi Inc. warn that if the organization’s service provider doesn’t properly configure temporary URLs it becomes a vulnerability phishers can exploit.

As a blog published earlier this month by Securi Inc.’s Denis Sinegubko points out, because security vendors blacklist problem URLs as soon as they find them, people behind phishing attacks have to purchase many domains — or compromise many websites — so that they can point their phishing URLs to new domains.

What some are now doing is taking advantage of loose security practices at hosting providers.

Often ISPs will give subscribers a special URL for testing a site before pointing their domain to the new server. The temporary URL would look like this:   http://server-name/~username/    where server-name is a web host’s own domain name, or IP address of the server, and username is the name of the user’s account, “But some hosting providers (including some really big ones) don’t configure these temporary URLs properly,” writes Sinegubko. “Instead of making them work only if you use a special server’s domain name or a naked IP address, some hosting providers allow the use of ANY domain name that resolves to the server’s IP address.”

Attackers can register (or hack) a cheap account on a shared server, place malicious files in various subdirectories of the account, compile a list of third-party sites hosted on the same server — which could be hundreds of domains — for exploitation for free. They can frequently change the domains without disclosing the real location of the malicious files and without having to move their files to different places when the domains get blacklisted.

Sinegubko urges administrators to check if their site is on a shared server. If so, lean the provider’s format for temporary URLs and check to see if you can open your site using your own domain name – http:// your-site-domain. com/~yourusername. On some servers you might need to also specify the site folder if you have several sites under the same account, such as  http:// your-site-domain. com/~yourusername/your-site-directory/.

 

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now