Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security IT

SEO Via DNS "Piggybacking" 74

An anonymous reader writes "There is an interesting story over at the SANS Internet Storm Center that shows details on about 50 organizations that have had new machine names added to their DNS zone information. These were then pointed to sites used to boost the search engine cred of pharma, personals, and porn sites. If you outsource your DNS, how would you ever catch something like this?"
This discussion has been archived. No new comments can be posted.

SEO Via DNS "Piggybacking"

Comments Filter:
  • by Hentes ( 2461350 ) on Wednesday October 12, 2011 @03:10PM (#37694930)

    is signing up the contact emails of SEO companies to v1agr4 mailing lists. Fight spam with spam.

    • by Anonymous Coward

      Excuse me, but might I point out that SEO is not spam. Some spam tactics are used by the less scrupulous SEO firms out there, but the two are very different beasts.

      I, for one, direct my clients in proper selection and placement of keywords on their sites and assist them in optimizing their content so that it can be more easily browsed by their users. The end result of this process is typically a site that is accessible to search engines and end users alike, with reasonable rankings in relevant searches. No

      • by TechLA ( 2482532 )
        Exactly this, there are many reputable SEO companies and individuals. Just like with everything else, some people misuse things for their own gain. SEO is not about spamming search engines, it's improving the site in question, both to search engines and users. This results in better experience to everyone.
      • by Hentes ( 2461350 )

        So are you saying that your kind has nothing to do with the automated posts on blogs/forums/comment walls all linking back to the home site for page rank? Or the top 100 keywords in hidden style on pages?

        Also, I don't spend that much time in front of the computer drunk, so if you are getting tons of spam it might be a follower of mine, or most likely just one of your "collegues".

      • Re:My hobby (Score:5, Funny)

        by citizenr ( 871508 ) on Wednesday October 12, 2011 @04:04PM (#37695460) Homepage

        Excuse me, but might I point out that SEO is not spam.

        Thats what SEO salesperson would say.

      • by Anonymous Coward

        The results of most SEO tactics are spam. Instead of filling up your mailbox you search for some term and instead you have to weed through the crap to get get the results you were really looking for. For Google they offer a way to move you to the top, you pay for an ad based on keywords. If the person searching is looking to buy something it's right there, easy to get to.
        SEO "experts" charge customers to attempt to game the system, theoretically charging less than an ad would cost. Since the search prov

      • Some spam tactics are used by the less scrupulous SEO firms out there

        And these guys are giving the other 0.0001% a bad reputation.
        Go jerk off somewhere else; preferably using powdered glass as a lube.

        • Go jerk off somewhere else; preferably using powdered glass as a lube.

          I would like to subscribe to your newsletter.

      • Excuse me, but might I point out that SEO is not spam. Some spam tactics are used by the less scrupulous SEO firms out there, but the two are very different beasts.

        I, for one, direct my clients in proper selection and placement of keywords on their sites and assist them in optimizing their content so that it can be more easily browsed by their users. The end result of this process is typically a site that is accessible to search engines and end users alike, with reasonable rankings in relevant searches. No spam, no bullshit, no need for you to be an asshole. I'll be sure to forward all my v1agr4 spam to you from now on, now that I know where it's coming from.

        What a joke. You want to optimize your search results?

        1: Spend 5 minutes reading Google's page on the subject, and include the proper meta tags in your pages.
        2: Make sure your robots.txt (if you have one) isn't blocking Google.
        3: Have content worth searching for.

        Absolutely any other tactic is a misrepresentation of content, and thus a form of spam.

    • A good web author knows how the search engine works with their site. Things like overuse of a keyword, not enough content or excessive boiler plate content will cause your site to rank low. While things like canonical urls, matching meta description with page content, lots of diverse keywords in narrative format and links pointing to pages that contain the link text in prominent locations all will help your position in a search engine.

      I'm sure there are some SEO companies that sell people bullshit, but

      • by Hentes ( 2461350 )

        That was informative. Sorry, I had a bit of prejudice against the whole business. Although I have to say I don't share your optimism about malicious tactics not working, as I see their signs in a lot of places.

  • by h4rr4r ( 612664 ) on Wednesday October 12, 2011 @03:11PM (#37694936)

    You could just do a zone transfer and check. If they don't allow that, find someone who does.

  • Most of the questionable machines listed in the article had the kind of names you would expect for this kind of activity, like "viagra" and "cialis". Several machine names contained "facebook". Is Facebook involved in this somehow? When you're a giant of the industry, do you really need to resort to this kind of thing?
    • Facebook's another victim here, more or less. From TFA, it appears one approach is promoting malicious Facebook apps. Personal opinions of Facebook aside, it seems reasonable. If I trust Initech.com, I'd be me likely to approve a Facebook app from facebook.initech.com.
    • Facebook's entire history is one of shady behind-the-user's-back shit.

  • Your secure connection has been certified by someone who gives away free certificates! Security!

    • by h4rr4r ( 612664 )

      The folks who sell them, don't do anymore checking.
      For evidence look at the recent news articles about it.

    • which is why I've changed the trust model in FF to Untrusted for ALL Certs until I provide an exception and it seems to work fine for me as I don't have that many secure websites I deal with that it's a problem.

    • by heypete ( 60671 )

      What does it matter if it's free or not? They do the same "domain validation" that is common amongst paid CAs, and basically used for most everything except EV certs. At least StartCom puts their Class 1 certs under a specific intermediate root that you can choose to not trust if you wish, as opposed to how a lot of other CAs do it.

      Should CAs do more thorough validation? No doubt. I'd like to see them do away with DV certs (or at least have browsers display different trust indicators). That said, validation

  • Plenty or sex and drug additions but no rock and roll?
  • by Czech Blue Bear ( 1897556 ) on Wednesday October 12, 2011 @03:47PM (#37695308)
    I believe that DNS, along with other IT infrastructure (and accounting) is so crucial that it should never be outsourced. By outsourcing, you are in fact giving away your keys to your webs/infrastructure/money. Of course that all kinds of bad stuff can happen then.
    • by Anonymous Coward

      I believe that DNS, along with other IT infrastructure (and accounting) is so crucial that it should never be outsourced.

      Well, maybe. More importantly, many of us don't have sufficient bandwidth, power & reliable internet connections to host our own DNS servers.

      By outsourcing, you are in fact giving away your keys to your webs/infrastructure/money. Of course that all kinds of bad stuff can happen then.

      Maybe, but you also might hire professionals to do something that you aren't very good at so that you c

    • by msobkow ( 48369 )

      I don't understand why you'd want to outsource DNS. It's trivial to set up a DNS server, and I'd want to be able to remap servers on a whim in case any issues arose.

      I set up a one-machine DNS on this box just so the VMWare image can be properly resolved by the host image. It took longer to download the latest bind software than it did to configure it.

      • Setting up BIND is easy.

        Setting up several high-reliability, geographically-distributed, no-common-failure-modes sites is hard, and it's a prerequisite for DNS. If you mess up, pushing out new NS and glue records is slow. It takes a long time to recover, and your web site is down and your mail is bouncing the whole time.

        Some large companies have multiple reliable sites and it's not a burden to host their own. Most mid-to-small guys are better off using at least an outsourced secondary DNS service. Tiny

      • by Monoman ( 8745 )

        I don't understand why you'd want to outsource DNS. ...

        I work for a small sized school in Hurricane alley. We are considering outsourcing our DNS to keep basic services (DNS and a static web page) up in the event of a localized disaster. Example, a hurricane comes through causing an extended power outage on our main site (which includes our small datacenter). Someone could remotely update the DNS to point www to a remotely managed static web page that includes updates to the status of various locations. We may do this ourselves through an agreement with anot

  • There are two issues here (cracked corporate DNS box, or hacked login creds) and it seems like #1 should be way higher than 50 organizations.

    At any rate, registering a business name under a crap domain has always been going on. It gives spammers something to put in an email that looks legit enough for people to click.

  • The article doesn't say whether this guy followed up and contacted the domain owners about it. Who is to say that these organisations aren't simply being paid for use of their domain name in this manner? I know I know. Its unlikely, but there are all things like this happening.

    What I want to know is, are the DNS hosting providers in on it? Are they modifying their software so that the customer doesn't see information. That would be where the real badness is and should be publicized. It also wouldn't be t

    • by tliston ( 669910 )
      In addition to sending notifications to site owners, I did communicate with several of them and they were shocked to find out about the alteration of their domain information. I also spoke with some of the DNS providers and I found nothing to indicate that they were involved (also, from TFA, the domains are spread across multiple DNS providers). As I said in the write-up, my bet is on a combo of poorly chosen passwords and overly generous/non-existent account lockout policies on something like a cPanel int
  • Zone transfers? (Score:3, Informative)

    by Anonymous Coward on Wednesday October 12, 2011 @05:51PM (#37696464)

    The referenced site had many examples, such as buy-viagra.4kidsnus.com
    having been added as an extra host (subdomain! There is even a
    www.buy-viagra.4kidsnus.com!) to 4kidsnus.com.

    Now how did that get added to 4kidsnus.com?

    Someone suggested checking a zone transfer. That seems not to work
    here at the dnsexit.com supplied nameservers.

    I do NOT see any buy-viagra.4kidsnus.com in a zone transfer for 4kidsnus.com. I DO see a separate zone transfer to the domain buy-viagra.4kidsnus.com itself.

    Usually public zone transfers don't work, but they happen to
    be supported for 4kidsnus.com.

    4kidsnus.com. SOA ns2.dnsexit.com

    (from dns2.dnsexit.com)

    Hmmm ... slashdot claims this hits their 'lameness' filters
    due to so many 'junk; characters ... like spaces and digits?

    Well ... apparently they are not going to accept it with
    any useful data so ... try a 'dig @ns2.dnsexit.com. 4kidsnus.com.' Here is a truncated version of what I found.

    One finds the SOA (nameserver at ns2.dnsexit.com),
    NS records (dns{1,2,3,4}@dnsexit.com), a few MX records
    (at google) a wild carded CNAME (*.4kidsnus.com are all
    aliased to the CNAME 4kidsnus.com) and address for
    4kidsnus.com (50.73.38.13) and one host with its own,
    separate A record, pbx.4kidsnus.com at 74.189.21.58.

    I don't see buy-viagra.4kidsnus.com at all.
    However one can get a separate zone transfer for that
    domain (with a host at www.buy-viagra.4kidsnus.com):

    dig @ns2.dnsexit.com buy-viagra.4kidsnus.com. axfr

    buy-viagra.4kidsnus.com. SOA ns2.dnsexit.com. admin.netdorm.com.
    buy-viagra.4kidsnus.com. NS ns1.dnsexit.com.
    buy-viagra.4kidsnus.com. NS ns2.dnsexit.com.
    buy-viagra.4kidsnus.com. NS ns3.dnsexit.com.
    buy-viagra.4kidsnus.com. NS ns4.dnsexit.com.
    buy-viagra.4kidsnus.com. A 67.55.117.204
    www.buy-viagra.4kidsnus.com. CNAME buy-viagra.4kidsnus.com.
    buy-viagra.4kidsnus.com. 28800 IN SOA ns2.dnsexit.com. admin.netdorm.com. ;; SERVER: ns2.dnsexit.com

    • by tliston ( 669910 )
      Interesting. I tried zone transfers on some of the first domains I found, but gave up on them because I wasn't getting anywhere. What you're seeing is very odd -- almost like DNSExit is treating buy-viagra.4kidsnus.com like a domain itself rather than as a sub-domain of 4kidsnus.com.
      • by Anonymous Coward

        Maybe someone signed up to host DNS for their domain "buy-viagra.4kudsnus.com" with them, and their systems aren't smart enough to realize that that sort of thing shouldn't be allowed. For example, they'd have to allow three-part domain names for whatever.co.uk and similar, yet they shouldn't allow that for .com domains. Maybe they're mistakenly allowing it, and people are taking advantage of that. Normally you couldn't do that since the root DNS servers wouldn't point to your own DNS server, but the roo

      • by Anonymous Coward

        Without reading the article, I'd guess that's EXACTLY what is happening.

        Somebody has added their OWN "sub" domain as a totally separate zone, to the same DN server that the "main" domain is on, so when somebody looks up buy-viagra.4kid... it hits up the DNS for 4kids.... but the server pulls out the buy-viagra.4kids... zone, even though there is no mention of buy-viagra in the official 4kids zone.

        Look for any shared web hosting server, find a domain that has DNS served from that server that you want to hook

    • THIS.

      Came here to explain this. Thank you. WTH are the editors allowing some jerk to post "how are you supposed to ever find out about this?".

      This site looks less like /. every day.

      • by tliston ( 669910 )
        The real question is "how many people actually check this sort of thing?" I would be willing to bet that few, if any, smaller organizations (i.e. ones who have essentially static zone info) ever check the contents of their DNS once it's been set up.
  • This is a "DNS provider answering /any/ hostname request with the A-record of your zone/domain" issue.

    ..!arpa!jamie: ~ % dig veryImprobableHostname-becauseIJustMadeItUp.4kidsnus.com a

    ;; QUESTION SECTION:
    ;veryImprobableHostname-becauseIJustMadeItUp.4kidsnus.com. IN A

    ;; ANSWER SECTION:
    veryImprobableHostname-becauseIJustMadeItUp.4kidsnus.com. 0 IN CNAME 4kidsnus.com.
    4kidsnus.com. 82 IN A 50.73.38.13

    ;

Children begin by loving their parents. After a time they judge them. Rarely, if ever, do they forgive them. - Oscar Wilde

Working...