Submitted via IRC for Bytram
Think you have bad luck? Imagine being the script kiddie who inadvertently tried and failed to pwn an Akamai security pro.
Larry Cashdollar, a senior security response engineer at the US-based global web giant, told us late last week he just recently noticed something peculiar in the logs on his personal website. Further investigation turned up signs of someone scanning for remote file inclusion (RFI) vulnerabilities.
[...] He told The Register his site's logs showed the would-be attacker probing for RFI holes that would allow them to trick web applications into fetching and running a remote malicious script. In this case, the scumbag was trying, unsuccessfully, to load a file via a custom tool Cashdollar had created for his site.
"Based on my log entries they appear to be parsing web sites looking for form variables and automatically testing if those variables allow remote file inclusion," Cashdollar told El Reg.
"It's a generic test against any website where they can parse out the form input variable and then supply a URL to that variable to see if the content is included and executed."
Unfortunately for the attacker, Cashdollar also used the logs to follow the GET requests to the payload the attacker was trying to load: a script that attempted to harvest information about his server. By dissecting that and other files the hacker had ready to execute commands and take over vulnerable websites, Cashdollar was also able to extract the criminal's email address and their preferred language – Portuguese.
[...] The Akamai security engineer told El Reg that, for admins, the big takeaway from his experience is the importance of watching logs, patching site management tools, and writing web code that cannot be exploited for RFI.
"Make sure their application patches are up to date," Cashdollar advised. "Keep track of any new vulnerabilities discovered in software they're using for content management and site delivery and patch when new vulnerabilities are disclosed by the vendor."
(Score: 0) by Anonymous Coward on Tuesday July 30 2019, @05:36AM (2 children)
Do they still exist? I thought Cloudflare had completely eaten their lunch.
(Score: 1, Insightful) by Anonymous Coward on Tuesday July 30 2019, @07:28AM (1 child)
Akamai is huge. They are probably the biggest CDN still. While many smaller sites and companies still use them, many of the largest do. Plus, they have all sorts of government contracts. The main reason, I think, most newer or smaller websites and startups skip them is that Akamai doesn't have much public information available, especially when it comes to pricing. You have to go through the sales department. However, a buddy at a Fortune 500 said they are very price competitive, extremely responsive, and know how to schmooze the higher-ups.
(Score: 0) by Anonymous Coward on Wednesday August 07 2019, @07:29PM
Although they had/have some sort of data sharing agreement.
But if it wasn't for Akamai a lot of web caching would have never happened and Google+Dejanews might be the only stuff that wasn't purged.