SoylentNews is people
SoylentNews
I recently updated my list of Seattle Tech Employers. All the way at the bottom is a link to Zoomingo, a local shopping site. When viewed on the iPhone, but not on Android, Windows nor Mac OS X, Zoomingo's Jobs page serves pr0n.
I attempted to contact Zoomingo through their contact page a few days ago but met with no response. I called the Domains by Proxy number listed in their WHOIS, only to reach a totally clueless customer service agent. He was generally nice about it, but quite confused.
"We only pass on your phone messages when they call in for it."
"Suppose they don't call in until a month from now. Are they going to be happy that a local sales website has been serving pr0n for a solid month?"
My understanding is that the Uniform Domain Dispute Resolution Policy requires up-to-date contact information in one's WHOIS record; I recall specifically that a domain was lost due to a stale postal address.
I don't have a problem with WHOIS privacy services but there should be a way for anyone who wants to reach the admin of a faulty server, to reach it immediately.
(My guess is that Zoomingo's jobs page depends on Javascript from some other domain, and that other domain's nameservers have been 0wnz0r3d.)
(Score: 5, Informative) by toygeek on Sunday May 03 2015, @07:13AM
This is pretty basic web hosting knowledge, and this applies to any type of situation like this. In this case, you've got a site that is hosted on Amazon Web Services:
root@home:~# host zoomingo.com
zoomingo.com has address 107.21.231.44
root@home:~# host 107.21.231.44
44.231.21.107.in-addr.arpa domain name pointer ec2-107-21-231-44.compute-1.amazonaws.com.
Their MX points at Google, so there's no finding the hostname of the machine they're running on, but you can stop here. Now lets look at their website source code:
meta name="generator" content="WordPress 3.1"
Their WordPress installation is older than a free AOL CD. Their WordPress site is compromised (obviously). So, what do you do? You take this knowledge to Amazon AWS's abuse dept:
root@home:~# whois amazonaws.com | grep abuse@Tech Email: abuse@amazonaws.com
Dear Amazon Abuse,
It's come to my attention while I was browsing the following site that their very old WordPress installation is compromised and being used to server pornographic material to IOS users.
Then paste in the material you've found including screenshots and URL's. They'll contact the customer or host of the customer and you've done your part.
Have a great evening :)
There is no Sig. Okay, maybe a short one. http://miscdotgeek.com
(Score: 1, Touché) by Anonymous Coward on Sunday May 03 2015, @09:36AM
not that im advocating vigilantism, heavens no. However, if there's nothing "lawful" to be done... owner is dead/doesn't care/wontfix/goes aggro on you...? Time to go chaotic good on his ass.
So this lame site is pissing you off by its existence... AND it runs wordpress for cavemen... a quick stroll across secunia's or packetstorm's advisory/exploit section, a chain of proxies or a combination of tor and proxies and someone elses wifi router, and you can take out the offending website YOURSELF without wasting anytime on middlemen.
Since the page is clearly malicious, and forwarding people to whatever... And the site has no useful, irreplaceable data someone worked for years to generate... It is my personal opinion, that taking the server out is the ethical thing to do, since the owners clearly don't give a damn. Ofc, as a citizen of a civilized country, i don't face any realistic penalty at all for this, your country stance on this stuff might be different, heh heh.
Don't fuck up.
(Score: 3, Insightful) by maxwell demon on Sunday May 03 2015, @10:11AM
I'm sure Amazon is not interested in serving porn, and probably has some terms in its contracts to that effect. So I guess if the web site owner is unresponsive also to Amazon, they'll simply shut down his site in accord with the contract.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 4, Insightful) by toygeek on Sunday May 03 2015, @03:14PM
I doubt they care about hosting porn. But hosting a compromised site is a liability, and that, they care about.
There is no Sig. Okay, maybe a short one. http://miscdotgeek.com
(Score: 2, Disagree) by toygeek on Sunday May 03 2015, @03:11PM
And you sir, and your screwed up morality and ethics, are what is wrong. You DDOS this guys site into oblivion, and take an unknown number of sites with it. When you DDOS a site, this usually results in the sites IP being null routed for a few hours. Now, everyone who has a site on that IP address gets their site taken offline. You've now hurt hundreds to get back at one, when all you had to do was email abuse@ their host and they'll take care of it FOR you in a civilized manner that won't hurt others. If you can take the time to DDOS then I'm sure looking up an abuse address is within your means. "But that's not as much fun!" you say? See my first sentence.
There is no Sig. Okay, maybe a short one. http://miscdotgeek.com
(Score: 3, Touché) by Geotti on Sunday May 03 2015, @05:56PM
He/She didn't say anything about DDoSing the site. The "action-plan" consisted of using an exploit for the Wordpress version (for cavemen, I like that!) in use and taking it down. No word about DoS.
(Score: 3, Insightful) by toygeek on Sunday May 03 2015, @09:39PM
Yup. You're right. This is what I get for posting before reading 3x. Thanks for the correction.
There is no Sig. Okay, maybe a short one. http://miscdotgeek.com