Is SETI@Home website under attack?

Message boards : Projects : Is SETI@Home website under attack?
Message board moderation

To post messages, you must log in.

AuthorMessage
Profile kinhull
Avatar

Send message
Joined: 30 Aug 05
Posts: 101
United Kingdom
Message 31170 - Posted: 22 Feb 2010, 16:06:38 UTC

Is SETI@Home under some attack?

I typed seti into a Google search, a couple of minutes ago, and got the following result (sorry no screen shot) - I have tried this a few times with the same result:

http://www.google.co.uk/search?q=seti&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-GB:official&client=firefox-a

SETI@home: Search for Extraterrestrial Intelligence at Home
 
Buy Cheap Viagra Online. Online Drug Shop, Best Prices. Need a product that isn`t in the site? Call US!. 24/7 customer support service!
Boinc - Server status - Statistics - Participate
 
setiathome.berkeley.edu/ - 20 hours ago - Cached - Similar


SETI@home: Search for Extraterrestrial Intelligence at Home
 
Order Generic Viagra Online. Online Drug Store, Secure and Anonymous. Need a product that isn`t in the site? Call US!. Best medications for real men!
setiathome.ssl.berkeley.edu/ - Cached - Similar


Are the Admins aware of this?
JOIN Team ACC
ID: 31170 · Report as offensive
Profile Jord
Volunteer tester
Help desk expert
Avatar

Send message
Joined: 29 Aug 05
Posts: 15477
Netherlands
Message 31172 - Posted: 22 Feb 2010, 18:52:36 UTC - in response to Message 31170.  

They're aware.
ID: 31172 · Report as offensive
Profile Jord
Volunteer tester
Help desk expert
Avatar

Send message
Joined: 29 Aug 05
Posts: 15477
Netherlands
Message 31174 - Posted: 22 Feb 2010, 21:51:42 UTC

Official answer.

Eric Korpela wrote:
Thanks, we're looking into it.

The cached pages don't come anywhere close to matching the format that our server sends. I'm guessing that this is a DNS poisoning attack directed at getting ads inserted into cached pages at Google. Of course Google doesn't make it easy to
talk to a person about this. We'll check out our servers to make sure that it didn't actually come from us.

ID: 31174 · Report as offensive
Richard Haselgrove
Volunteer tester
Help desk expert

Send message
Joined: 5 Oct 06
Posts: 5077
United Kingdom
Message 31175 - Posted: 22 Feb 2010, 22:04:07 UTC

I created an account at Google, purely to gain access to the Webmaster tools and report spam. Anyone here would be familiar with the procedure - give a valid email address, and respond to the check email they send.

You don't actually have to own or register a website - I just twisted their tools a bit, so I could submit a report about Google's misrepresentation of SETI's site. The more complaints they receive, the more seriously they (should) take it. No response as yet, though I don't know if/how they would send any response (and the spam is still there).

I tested BOINC itself, and some of the bigger projects, the same way, but SETI was the only affected one I saw. Perhaps all project managers should check their own sites, just to be sure.
ID: 31175 · Report as offensive
Richard Haselgrove
Volunteer tester
Help desk expert

Send message
Joined: 5 Oct 06
Posts: 5077
United Kingdom
Message 31477 - Posted: 9 Mar 2010, 14:19:08 UTC

Project administrators perhaps need to be aware of this BBC Technology News article from the end of last week:

Fake drug scam hijacks UK college websites

UK academic institutions have unwittingly become the accomplices of criminals selling fake drugs online.

A security firm has discovered many organisations using the .ac.uk domain are unknowingly pushing customers to websites offering the fake pills.

The scam exploits software flaws to piggyback on the computing resources of the colleges and universities.

Researchers at security company Imperva believe "thousands" of organisations may have fallen victim.

"It's a pretty successful campaign," said Amichai Shulman, of the firm, which uncovered the targeted attack.

Drug search

Imperva has found that many higher education institutions that use the .ac.uk domain are unknowingly helping customers get through to the spammers' sites.

In most cases, said Mr Shulman, the spammers have exploited vulnerabilities in a widely used technology called PHP. Many organisations use this technology to make websites more interactive.

"They used these vulnerabilities to inject PHP code into the site," said Mr Shulman.

The injected code included search terms associated with drugs such as Viagra, Cialis and many others. Also included was code that spotted when a visitor arrived at a compromised site from Google.

The injected code meant that, when a person searched for drugs online, the universities and colleges web addresses would pop up in the top results. Anyone clicking on the link would then be re-directed to a fake pharmacy peddling counterfeit pills.

At all other times a visitor would get through to the proper site. Typing in a web address would also lead straight to the real site.

"It's difficult to detect sometimes if you just type the link in your browser you get the original content," said Mr Shulman.

The criminals use the technique of piggy backing on legitimate sites to ensure that their websites show up in search engine results.

Mr Shulman said the speed with which sites were being put up and taken down made it hard to get an exact figure for how many sites had been hit. However, he estimated that "thousands" of sites, including many universities and colleges, had been caught out by the drug spammers.

Ravensbourne College of Design and Communication in Kent was one school that fell victim.

"We immediately took action to temporarily close down and remove the compromised area while we resolved the issue," said a spokeswoman for the college in a statement.

"Once we discovered the issue we were able to rectify it quickly, and we believe our site is now secure," she said.

"Some issues - such as the change to the search result text - may still appear on search results while we wait for the search engines to re-crawl the website."

Sounds very similar to the exploit which got through SETI's defences the week before, attacking their .edu academic address.
ID: 31477 · Report as offensive
Profile Jord
Volunteer tester
Help desk expert
Avatar

Send message
Joined: 29 Aug 05
Posts: 15477
Netherlands
Message 31489 - Posted: 9 Mar 2010, 16:51:30 UTC - in response to Message 31477.  

Post it at the boinc_projects email list.
ID: 31489 · Report as offensive

Message boards : Projects : Is SETI@Home website under attack?

Copyright © 2024 University of California.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.