Malware

How did a subdomain on cancer.org end up serving porn?

A few days ago I discovered several referral spam links to the domain servicematch.cancer.org in my server logs. Spam referrals are usually part of a blackhat SEO campaign used to generate traffic and, if possible, to get the URL listed on a website’s public statistics page.

Content warning: This article contains mildly sexually explicit text and images.

A Denial-of-Service (DoS) attack from Facebook?

The other day I got an automated alert from our managed WordPress hosting service, notifying me of an issue with resource exhaustion for a virtual site. Upon closer inspection, I discovered that the adversary was not your everyday aimless botnet, but something darker, and far more sinister.

Plausible Analytics review – Browser fingerprinting and CNAME cloaking

For the last few weeks, my feeds and federated timelines have been filled with absolutely brilliant marketing campaigns for Plausible Analytics, the new open-source privacy-focused website analytics tool. Plausible Analytics has enjoyed exponential growth and is frequently recommended by privacy-conscious voices in the FOSS community.

Outlook.com phishing campaign hosted on Google's Firebase platform

Earlier this week I discovered an interesting Outlook.com phishing mail that had been caught by the anti-spam measures we deploy for our e-mail customers. Well, to be fair, the phishing attack itself was not anything new or sophisticated, but the choice of hosting provider was rather interesting.

A digital ocean of bots

Last week I noticed yet another ongoing brute-force attack against our managed WordPress hosting. The botnet is very low-key and each bot connects on average only once per day. Up until now, I’ve collected in the ballpark of 3100 unique bots.

Email service providers should kill off the bitcoin extortion scam

Like everyone else with an email address, I’ve been receiving these bitcoin extortion messages for months. I’ve also watched with ever greater dissatisfaction as scammers raked in tens of bitcoins within a week. What especially annoys me is not so much that people are falling for this scam, but that email service providers are simply looking the other way.

Hakaied with love from Telecom Egypt

In the last two weeks I’ve seen a steady increase of bots trying to exploit a remote command execution flaw on D-Link routers. The majority of the attacks originate from IP blocks belonging to Telecom Egypt Data.