Tag Archives: Website

WordPress GET Requests Flood?

Let me share this story with you. I faced a strange incident last Saturday: my web server was flooded with thousands of HTTP GET requests generated by WordPress blogs. Those connections looked legitimate. The “attack“, let’s call it that for now even though I don’t think it was one, occurred on Saturday between 17:00 and 18:00 (GMT+1). A first bunch of requests hit the server starting at 15:54 and the real flood came one hour later, as you can see on the timeline below.

Attack Time Window

The biggest peak was around 325 requests/second: enough to put my server in trouble but not enough to qualify as a real attack. That’s why I’m thinking about a misconfiguration. Another clue that helped me categorize the incident: it was very (too?) easy to block, the traffic matched a simple pattern. How did I detect the problem? I was notified by the tools in place:

  • High CPU usage and low free memory on the web server (health monitoring)
  • Unusual HTTP traffic (log management)
    • Amount of traffic originating from same IPs
    • Number of requests/sec (behavior)

The received requests were very simple and hit only one of the websites hosted on the box (www.leakedin.com):

41.203.18.72:36261 - - [09/Mar/2013:15:54:20 +0100] "GET / HTTP/1.0" 200 33393 "-" "WordPress/3.5; http://www.finserv.co.za"

Nothing suspicious in the payloads; even mod_security did not fire any alert during the flood! I also had time to capture some traffic into pcap files: nothing wrong except the amount of requests. Once the problem was identified, my first priority was to get back to a stable environment (containment). My first idea was to block all “bad” requests based on the User-Agent. The UAs were those used by WordPress: “WordPress/<version>; <blog_url>“. This simple Apache configuration did the job:

# Tag every request whose User-Agent matches "WordPress" (case-insensitive regex)
SetEnvIfNoCase User-Agent WordPress block
<Directory "/xxxx/xxxx/xxxx">
    Order allow,deny
    Allow from all
    # ...and refuse the tagged requests (Apache 2.2 access-control syntax)
    Deny from env=block
</Directory>

It worked for a few minutes, but this quick fix only prevented the remote hosts from fetching content: every request was still accepted and processed by Apache, it just got a 403 instead of a 200. The second idea was to limit the number of concurrent connections allowed for www.leakedin.com. This was implemented via mod_bandwidth:

<Directory "/xxxx/xxxx/xxxx">
    BandWidthModule on
    MaxConnection all 10
</Directory>

This time it was successful and the server came back to a stable (manageable) state. Time for investigation! I extracted useful data from my log files and did some research. First, some stats:

  • 761395 GET requests
  • Coming from 624 unique IP addresses
  • Coming from 562 different blog addresses (grabbed from UA strings)
  • Coming from 28 different WordPress versions (non-obfuscated)
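The statistics above were extracted from the Apache access log. As an added example (not code from the original post), here is how the same figures can be produced from combined-format log lines: requests per IP, unique blogs and WordPress versions taken from the User-Agent, hosts serving more than one blog, and the peak in requests per second. Only the first sample line is the one quoted above; the others are constructed.

```python
"""Summarise a WordPress GET flood from Apache access logs (added example)."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Apache "combined" format, with the client port appended as in the post's server.
LOG_RE = re.compile(
    r'^(?P<ip>\d+\.\d+\.\d+\.\d+)(?::\d+)? \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# WordPress HTTP API user agent: "WordPress/<version>; <blog_url>"
WP_UA_RE = re.compile(r"^WordPress/(?P<version>[\d.]+);\s*(?P<blog>\S+)")

# Constructed sample: line 1 is the real one from the post, the rest are made up.
SAMPLE_LOG = """\
41.203.18.72:36261 - - [09/Mar/2013:15:54:20 +0100] "GET / HTTP/1.0" 200 33393 "-" "WordPress/3.5; http://www.finserv.co.za"
41.203.18.72:36262 - - [09/Mar/2013:15:54:20 +0100] "GET / HTTP/1.0" 200 33393 "-" "WordPress/3.5; http://www.finserv.co.za"
203.0.113.10:4711 - - [09/Mar/2013:15:54:20 +0100] "GET / HTTP/1.0" 200 33393 "-" "WordPress/2.8.3; http://blog.example.org"
203.0.113.10:4712 - - [09/Mar/2013:15:54:21 +0100] "GET / HTTP/1.0" 200 33393 "-" "WordPress/2.8.3; http://other.example.org"
198.51.100.7:3000 - - [09/Mar/2013:15:54:21 +0100] "GET /about/ HTTP/1.1" 200 1234 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/19.0"
"""


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def summarize(lines):
    """Compute flood statistics over WordPress-originated requests only."""
    hits_per_ip = Counter()
    versions = Counter()
    blogs = set()
    blogs_per_ip = defaultdict(set)
    per_second = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ua = WP_UA_RE.match(rec["ua"])
        if ua is None:
            continue  # browsers and other clients are not part of the flood
        ip = rec["ip"]
        hits_per_ip[ip] += 1
        versions[ua["version"]] += 1
        blogs.add(ua["blog"])
        blogs_per_ip[ip].add(ua["blog"])
        ts = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
        per_second[ts] += 1  # one-second buckets for the requests/sec figure
    peak_ts, peak = per_second.most_common(1)[0] if per_second else (None, 0)
    oldest = (min(versions, key=lambda v: tuple(int(x) for x in v.split(".")))
              if versions else None)
    return {
        "wp_requests": sum(hits_per_ip.values()),
        "unique_ips": len(hits_per_ip),
        "unique_blogs": len(blogs),
        "versions": dict(versions),
        "oldest_version": oldest,
        "hits_per_ip": dict(hits_per_ip),
        # IPs whose UA strings name several blogs: shared hosting platforms
        "shared_hosts": sorted(ip for ip, b in blogs_per_ip.items() if len(b) > 1),
        "peak_rps": peak,
        "peak_at": peak_ts.isoformat() if peak_ts else None,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```

Feed it the real access log (`summarize(open("access.log"))`) to get the same figures as above; the `shared_hosts` list is what explains the first bars of the hits-per-IP chart.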

The number of hits per IP address was stable, as seen in the chart below. The top IP addresses hosted more than one blog (shared hosting platforms).

Hits per IP Addresses

Where did those websites come from?

WordPress Map


The logged IP addresses were indeed those of the blogs mentioned in the UA strings (not spoofed). What about the blogs themselves? They were not compromised (I tested some of them using urlquery.net) and are alive. Their content does not help me to understand the issue: different languages, multiple topics, most of them unrelated to IT or to leakedin.com. I searched for “leakedin.com” on them: no hit returned!

Having multiple versions of WordPress involved (from very old to the latest one) tends to prove that it’s not an exploit. Some blogs that I visited had not been updated since 2011! What was the origin of this problem? I don’t have a clue. If you have more information or ideas to share, feel free to post comments!

A final remark: The number of outdated WordPress versions is impressive! The oldest one detected was 2.8.3!

The Cobbler’s Children Go Barefoot Also in Security

The title of this quick post says it all… even more so in the security field! This story was reported by a friend of mine. His wife wanted to dispute a transaction made with her credit card. Never a pleasant story, but it can happen to anyone! (My own card was also compromised two years ago, even though I always use it very carefully.) She called the help desk of the card provider and was redirected to a nice website called “www.macarte.be“. Here again, that’s a classic process: companies tend to simplify procedures and ask customers to help themselves.

Basically, the website contains a lot of useful information about payment cards. You could see it as a big “FAQ“. The website also gives some tips to use your cards in a safe way. That’s important: security is crucial in the payment card industry! Of course, they give warnings about transactions on the Internet:

Screenshot


For my readers who do not understand French, they give here the classic advice:

“A safe website can be identified by the small closed lock displayed by Microsoft Internet Explorer or the key displayed by Netscape Communicator in the lower-left corner. The URL also has an extra letter ‘s’ and looks like ‘https://www…”

(Note to the webmaster: Netscape Communicator has been dead for years…)

Like you, infosec professionals, I know that this small lock or key does not mean much, but for Mr John Doe (or my parents) it’s an easy way to identify a “safe” website. For me, the problem is the following: on the same website, people can fill in a form to complain about a suspicious transaction. They are asked to provide a large amount of information:

Form


And guess what? The website is running over plain HTTP! Innocently, I tried to connect manually via SSL by adding the magic small “s” (just in case they forgot to implement a redirect): no luck! Is it not worth the price of an SSL certificate? GoDaddy.com, 3.89€/y!

Kicking Out Bots with ModSecurity

If you are the administrator of an online forum, a wiki or any website which accepts user data, you probably know this feeling: bots are a pain and fighting them looks like an endless loop! Your websites are constantly scanned by bots which try to create fake accounts and then pages full of spam. There are thousands (millions?) of computers on the Internet which scan community websites like yours. Often it’s just to optimize the ranking of websites in search engines. Nothing dangerous but very annoying for your regular visitors. There are lots of techniques to fight bots and reduce their chances of creating accounts, but it’s a recurring problem. They become more and more sophisticated and tend to escape the classic checks. There are plenty of protections available.

Some examples:

  • Use domain or IP address blacklists?
    →Forget this, totally unmanageable
  • Use a blacklist of User-Agents?
    →They use UAs from well-known browsers (same problem as above)
  • Check the HTTP Referrer?
    →They follow the regular registration path and do not access the registration page directly
  • CAPTCHA?
    →That remains the most common way to reduce spam but…

In the world of CAPTCHA, the Rolls-Royce remains reCaptcha (developed by Google), even if it has already been reported as broken several times. True or false? From my personal experience, I have already seen in my logs accounts created by bypassing this test! There are tons of other CAPTCHA implementations:

Examples of CAPTCHA


Alternatives to text recognition exist, like the Microsoft project ASIRRA which asks the user to identify cats amongst dogs. Others ask to solve simple mathematical expressions (they are broken too) or to answer a simple question like “What’s the color of a banana?“.

A few days ago, I was dealing with a huge increase of fake accounts created on one of the BruCON wikis. Some bots successfully bypassed the CAPTCHA system in place. I asked for help on Twitter and received an interesting reply from lcx_at. I investigated his suggestion and implemented it. The proposed technique is to define a hidden field and to check with ModSecurity (or any other WAF) whether it contains data.

Honestly, I’m not a big fan of WAFs (“Web Application Firewalls“). Why? They are often seen by developers as the ultimate protection and reinforce the idea that they don’t have to care about security (“No worries, we have a WAF!“). For me, a WAF is useful in very specific cases:

  • Protect legacy applications which cannot be easily moved/upgraded to a new platform
  • Temporarily protect websites against new threats (while developers fix their code or a vendor patch is made available)
  • Reduce security costs if applications to be protected require a huge amount of money for maintenance.

And also to protect against bots! Let’s see how…

First, in your registration form, add a new input field and hide it with CSS. Be sure to use “{display:none}” so that the page design is not broken:

<style type="text/css">
 /* "div .AntiBot" (with a space) would only match .AntiBot elements nested
    inside a div; "div.AntiBot" targets the wrapper div itself */
 div.AntiBot {display:none;}
</style>

<td><div class="AntiBot">
  <!-- tabindex/autocomplete keep keyboard focus and browser autofill away from the field -->
  <input name="AntiBot_RmBo9X20Yo" type="text" tabindex="-1" autocomplete="off">
</div></td>

Assign a unique name to your input field; this will make detection and reporting easier. Then, create a ModSecurity rule which will block all POST requests carrying a value in the hidden field:

# "id" is mandatory since ModSecurity 2.7 (1000100 is an arbitrary number in the local range);
# phase:2 makes the rule run once the POST body has been read
SecRule ARGS:AntiBot_RmBo9X20Yo "(\S+)" \
        "id:1000100,phase:2,t:none,auditlog,deny,log,msg:'Denied user creation by a bot'"

The rule says: in a POST request, inspect the argument called “AntiBot_RmBo9X20Yo” and, if it contains any non-whitespace character, deny the request and log it with the provided message. More details about ModSecurity rules are available here.

A regular user (human) will not see the hidden field and will leave it empty. On the other hand, some (smarter) bots parse the HTML code and automatically fill all the fields they detect. Here is an example of a request performed by such a bot. It submitted our field with the value “Create+account“:

--9924cd21-C--
wpCaptchaWord=xxx&wpCaptchaId=440890724&wpName=xxx& \
wpPassword=3xxx&wpRetype=xxx&wpEmail=&wpRealName=& \
wpRemember=1&AntiBot_RmBo9X20Yo=Create+account& \
wpCreateaccount=Create+account& \
wpCreateaccountToken=e36684c69e31b655b56a00f3254f48cf
--9924cd21-F--
HTTP/1.1 403 Forbidden
Vary: Accept-Encoding
Content-Length: 211
Keep-Alive: timeout=15, max=256
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

Result: access denied with an HTTP 403 error! Since the implementation of this check, I have blocked an average of two requests per day. This is of course not bullet-proof, but if it reduces the bot traffic by a few percent, I’m already happy.
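The same decision can be taken by the application itself when no WAF is in front of it. The following is an added example (not code from the original post, from ModSecurity or from MediaWiki): it reimplements the honeypot check in Python for a registration handler, with the same semantics as the rule above (a field present but empty is what a browser sends; any non-whitespace character means a bot filled it; a missing field is tolerated), and generates a random field name so the honeypot can be rotated. The first sample body reproduces the bot request from the audit log above; the other bodies are constructed.

```python
"""Honeypot form field check, server side (added example)."""
import secrets
from urllib.parse import parse_qs

HONEYPOT_PREFIX = "AntiBot_"

# Constructed request bodies. BOT_BODY is the one from the audit log above.
BOT_BODY = ("wpCaptchaWord=xxx&wpCaptchaId=440890724&wpName=xxx&wpPassword=3xxx"
            "&wpRetype=xxx&wpEmail=&wpRealName=&wpRemember=1"
            "&AntiBot_RmBo9X20Yo=Create+account&wpCreateaccount=Create+account"
            "&wpCreateaccountToken=e36684c69e31b655b56a00f3254f48cf")
HUMAN_BODY = ("wpName=alice&wpPassword=s3cret&wpRetype=s3cret&wpEmail=a%40example.org"
              "&AntiBot_RmBo9X20Yo=&wpCreateaccount=Create+account")


def honeypot_field_name(prefix=HONEYPOT_PREFIX, nbytes=8):
    """Unguessable field name, in the spirit of AntiBot_RmBo9X20Yo used above."""
    return prefix + secrets.token_urlsafe(nbytes)


def is_bot_submission(body, field):
    """True if the hidden field carries any non-whitespace character.

    Mirrors the ModSecurity rule: a browser submits the hidden field with an
    empty value, a bot that fills every input it finds puts text in it. A
    missing field is treated as human (the form may predate the honeypot).
    """
    params = parse_qs(body, keep_blank_values=True)
    return any(v.strip() for v in params.get(field, []))


def handle_registration(body, field):
    """Decide on a registration POST and return the cleaned fields for the app."""
    if is_bot_submission(body, field):
        # Same outcome as the WAF: refuse and leave a log line for reporting
        return {"status": 403, "reason": "Denied user creation by a bot", "fields": {}}
    params = parse_qs(body, keep_blank_values=True)
    fields = {k: v[-1] for k, v in params.items() if k != field}
    return {"status": 200, "reason": "accepted", "fields": fields}


if __name__ == "__main__":
    print("new field name:", honeypot_field_name())
    for label, body in (("bot", BOT_BODY), ("human", HUMAN_BODY)):
        result = handle_registration(body, "AntiBot_RmBo9X20Yo")
        print(f"{label}: HTTP {result['status']} ({result['reason']})")
```

Rotating the field name (and keeping the old one accepted for a few hours) defeats bots that learn to skip a specific field; the check itself stays the same.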

This post is also a good opportunity to demonstrate that a WAF is not meant to be deployed with its default configuration. It can be a wonderful tool but requires fine-tuning and customization…

The Side Effect of Typo Errors

Typographical errors (or ‘typos’ in short) have been very common since the invention of the printing press. It started with people inverting block letters in movable type. Still today, we can find plenty of them in books, newspapers or any other visual media, but also on the Internet. In classic (old) media this has no major impact, but on the Internet it can have side effects like redirection to websites with unexpected content (adult, ads) or security issues.

Typosquatting, or URL hijacking, is a very old way to attract visitors to websites they would normally never visit. It simply relies on the fact that people type quickly on their keyboard without re-reading what they just typed, or on keyboard layouts which introduce errors when you hit a key next to the one you should use.

Common examples are:

  • gooogle.com (extra characters added)
  • orqcle.com (mismatch between QWERTY and AZERTY keyboards)
  • micros0ft.com (mistyped characters)
  • yaho.com (missing characters)

Another common typo is to use an alternative TLD (“Top Level Domain“). But what could be the impact of typosquatting? How to measure it? Here follows a good example.
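The categories listed above can be turned into a generator of candidate domains, which a domain owner can then look up in DNS or WHOIS to see which variants are already registered (and by whom). The block below is an added example, not code from the original post: it produces the four kinds of typos given above plus the alternative-TLD case, and goes slightly further by handling adjacent keys on both QWERTY and AZERTY layouts and digit look-alikes. The keyboard rows are the standard layouts; the look-alike map and the TLD list are arbitrary assumptions.

```python
"""Generate typosquatting candidates for a domain name (added example)."""

QWERTY_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
AZERTY_ROWS = ["azertyuiop", "qsdfghjklm", "wxcvbn"]
# Assumed look-alike substitutions (micros0ft.com style)
LOOKALIKES = {"o": "0", "i": "1l", "l": "1i", "e": "3", "a": "4", "s": "5"}
# Assumed list of TLDs to try instead of the original one
ALT_TLDS = ["com", "net", "org", "co", "info"]


def adjacent_map(rows):
    """Map each key to the keys immediately left and right of it on its row."""
    adj = {}
    for row in rows:
        for i, ch in enumerate(row):
            adj[ch] = row[max(0, i - 1):i] + row[i + 1:i + 2]
    return adj


def layout_swap_map(src_rows, dst_rows):
    """Map a key to the key at the same physical position on another layout.

    Typing 'oracle' with QWERTY habits on an AZERTY keyboard gives 'orqcle'.
    """
    swap = {}
    for s_row, d_row in zip(src_rows, dst_rows):
        for s, d in zip(s_row, d_row):
            if s != d:
                swap[s] = d
    return swap


def typo_candidates(domain, tlds=ALT_TLDS):
    """Return {candidate_domain: kind} for a two-label domain such as 'oracle.com'.

    Subdomains are not handled: only the label before the last dot is mutated.
    """
    name, _, tld = domain.lower().rpartition(".")
    out = {}

    def add(candidate, kind):
        if candidate != domain:
            out.setdefault(candidate, kind)  # keep the first kind that produced it

    for i in range(len(name)):                       # missing character: yaho.com
        add(f"{name[:i]}{name[i + 1:]}.{tld}", "missing")
    for i in range(len(name)):                       # doubled character: gooogle.com
        add(f"{name[:i + 1]}{name[i]}{name[i + 1:]}.{tld}", "extra")

    qwerty = adjacent_map(QWERTY_ROWS)
    azerty = adjacent_map(AZERTY_ROWS)
    swap = layout_swap_map(QWERTY_ROWS, AZERTY_ROWS)
    for i, ch in enumerate(name):
        neighbours = set(qwerty.get(ch, "") + azerty.get(ch, "") + swap.get(ch, ""))
        for r in sorted(neighbours):                 # adjacent key or layout mix-up
            add(f"{name[:i]}{r}{name[i + 1:]}.{tld}", "keyboard")
        for r in LOOKALIKES.get(ch, ""):             # digit look-alike: micros0ft.com
            add(f"{name[:i]}{r}{name[i + 1:]}.{tld}", "lookalike")

    for t in tlds:                                   # alternative TLD: leakedin.org vs .com
        if t != tld:
            add(f"{name}.{t}", "tld")
    return out


if __name__ == "__main__":
    for cand, kind in sorted(typo_candidates("leakedin.com").items()):
        print(f"{kind:10s} {cand}")
```

The output is meant to be fed to a resolver or a WHOIS client; a variant that resolves while the official domain has no relationship with it is worth a look, and a variant that is free is worth registering before someone else does.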

Unless you’re living on the moon, you are aware that linkedin.com suffered a major security breach this week. 6.5M passwords were leaked on the Internet. Just after the announcement of this incident, some people deployed websites to help users check whether their password was leaked or not (some of them were good sites, others were fakes with only one goal: collecting more passwords, but that’s another story). One of those sites was called leakedin.org:

leakedin.org

I like the expression “leakedin” and I registered the domain leakedin.com in 2009. A few months ago, I started to reuse it for a new blog. So, what happened? The Twitter hashtag #leakedin spread quickly on Wednesday 6th of June and people started to visit my blog (.com) instead of the right one (.org). Besides the impact on my server load, it’s interesting to look at some statistics. First, people came mainly from the United States but also from all over the world:

Visitors Locations

More than 95% were new visitors, which proves that they landed on my site “by mistake”. The top three sources were:

  • 45% : Direct access (people typed the URL in their browser – human error)
  • 39% : Google (once a bad URL indexed, it’s too late!)
  • 10% : slate.com

Slate.com? Indeed, in his article, a journalist linked to my site instead of the right one:

And if your password wasn&rsquo;t among those &ldquo;
<a href="http://www.leakedin.com/">cracked and leaked</a>,&rdquo;
did that mean you were safe?</p>

Finally, here is the visual effect of this story on my site. I’m still receiving traffic but the buzz seems to be over ;-)

The Effect of Typosquatting


Conclusion? The side effects of typosquatting or typos can’t be ignored. You can become a target with multiple consequences (bandwidth consumption, server downtime, slow response times, …). This is called the Slashdot effect. From a malicious point of view, it’s less and less easy to register domain names close to the official ones of big organizations or brands. Most of them are already registered (sometimes by the brand owner to keep control of them). But attacks remain possible by spreading wrong URLs across social media (using URL shorteners) to attract visitors.

 

mysql.com pwn3d… so what?

This is probably the breaking news of this weekend on security blogs and websites: mysql.com and other related sites have been compromised! This was disclosed via an e-mail sent to the full-disclosure mailing list (copy here). If you take the time to read the message, you will learn that the site was the victim of a blind SQL injection. Wait… “MySQL“, “SQL injection“? For me, this is a funny story, nothing less, nothing more. The MySQL database of mysql.com pwn3d… so what?

Basically, it’s a vulnerability like many other websites suffer from. MySQL is just a “tool” used to keep data organized. The way it is implemented and used is the responsibility of administrators, developers and security people. Could Smith & Wesson be held responsible if one of their employees shot himself with a weapon assembled in their factory? Again, the lessons learned from this breach must make developers more aware of security. You may choose to deploy the ultra-high-security product but, improperly configured or used, it will fail… like any other! Consider the security level of a product like a reputation: it takes days to build something strong and a few minutes to destroy it.
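To make the point concrete, here is what a blind SQL injection looks like next to the one-line fix, as an added example that is not from the original post nor from mysql.com. Python’s built-in sqlite3 stands in for MySQL so that it runs offline (the engine is not the problem, the query construction is); the table, the “secret” value and the login check are constructed. The vulnerable function builds its SQL with string formatting, which turns a yes/no answer (“does this user exist?”) into an oracle that leaks another column one character at a time; the hardened function runs the same SQL with a bound parameter and leaks nothing.

```python
"""Blind SQL injection versus a parameterised query (added example)."""
import sqlite3

ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"


def setup_db():
    """Constructed in-memory database with one user and a value worth stealing."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'Kx9q')")
    return conn


def user_exists_vulnerable(conn, name):
    """String-built query: the input can rewrite the WHERE clause."""
    sql = f"SELECT COUNT(*) FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchone()[0] > 0


def user_exists_safe(conn, name):
    """Same query with a bound parameter: the input is only ever a value."""
    sql = "SELECT COUNT(*) FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchone()[0] > 0


def blind_extract(oracle, column="secret", target="admin", max_len=16):
    """Recover a column value character by character from a true/false oracle.

    Each payload closes the quoted string and appends a condition on one
    character of the target column, e.g.
        admin' AND substr(secret, 1, 1) = 'K
    which the vulnerable template completes into a valid WHERE clause.
    """
    found = ""
    while len(found) < max_len:
        for ch in ALPHABET:
            payload = f"{target}' AND substr({column}, {len(found) + 1}, 1) = '{ch}"
            if oracle(payload):
                found += ch
                break
        else:
            return found  # no character matched: the value is complete
    return found


if __name__ == "__main__":
    db = setup_db()
    print("vulnerable:", blind_extract(lambda p: user_exists_vulnerable(db, p)))
    print("parameterised:", repr(blind_extract(lambda p: user_exists_safe(db, p))))
```

With the vulnerable function the loop recovers the secret after at most 62 requests per character; against the parameterised version every payload is compared literally to the `name` column and the extraction returns an empty string. The same holds for MySQL with any driver that supports bound parameters.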

It could have been worse if the attacker had found a major hole in the MySQL code or replaced the official MySQL source code with a trojaned version! MySQL is a major component of millions of websites and applications. But in this case, as far as we know, this did not happen (yet). It looks like sun.com was also compromised. And no feedback from Oracle: I checked mysql.com and oracle.com, no mention of the incident…

 

You Like? Spammers Like You Too!

Our best “worst friend” Facebook is full of resources, not only for attackers but also for spammers. The “I like” button has become very popular on many personal (blogs) and professional websites.

Basically, the purpose is simple and efficient: if you are logged on Facebook and visit a website which offers an “I Like” button, clicking on it automatically adds a link on your Facebook wall. This is a nice tool for webmasters, who can promote their content to a huge audience without much effort.

But it seems that some malicious webmasters are hiding this Facebook feature behind other objects like video players, thanks to some CSS code. Example:

  <fb:like href="http://www.my-very-nice-site.com/ads"
           width="20"
           action="like"
           layout="button_count"
           id="liframe1"
           style="opacity:0;filter:alpha(opacity=0);">
  </fb:like>

By playing with the “opacity” property (and IE’s proprietary “filter:alpha“), it is possible to render an invisible button. It seems that web developers have already reported this issue. But, from a privacy point of view, this “feature” could have a huge impact on Facebook users. Let’s imagine that you visit an adult website and watch some hot videos. If the same technique is implemented, they will be linked on your wall. This could also be a nice social-engineering technique: if you can display information on someone’s wall, chances are that the link will also be visited by his/her friends. Take care!

URL Filtering with Squid

Next to my digital life, I’m also the happy father of two young girls. The first one is already ten years old and is smoothly discovering the “Wonderful Internet“. Being an infosec guy, it sounds logical for me to implement some safeguards.

First, leave the technical stuff aside and talk! Some security awareness is always good. The first lesson was to learn how to use a password and not share it with her sister. It must be seen as a game! Both have their own account on the family laptop. Then, discuss with your children and explain, using simple words, what the Internet is and what they can find there: the best as well as the worst! Communication is the key. Countermeasures will not be efficient if you don’t explain the reasons. Two more golden rules:

  • Do not let the children use the computer in a closed room. Shoulder surfing is good in this case.
  • If they find something “strange”, encourage them to report it to you and to not be afraid to “ask“.

Unfortunately, it won’t take long before the children experiment and try to break the rules. The risk of stumbling onto nasty stuff is high. So, how to protect them and keep an eye on their online activity? Let’s use open source software! I’m not a big fan of commercial parental control solutions, for several reasons. Why pay if you can build something for free? We have more than one computer at home, not always running Windows. Finally, I can integrate the alerts in my personal SIEM (read “OSSEC“ ;-) ).

Disclaimer: this setup will protect your children from inappropriate content but it also has limitations. It can be used as a starting point in a corporate environment but it must be hardened. It can easily be bypassed by experienced people.

Step one, installation of Squid. This software is the number-one proxy cache and supports multiple protocols. Squid is available as a package on many Linux distributions. The installation is pretty straightforward. The out-of-the-box configuration will work for most environments. But one big choice must be made: how will you tell the browser to use the proxy? In corporate environments you can use a GPO or a proxy PAC file, but at home? You can manually configure the proxy settings in the browser, but they could disable them once they find the menu. Do not underestimate them! My choice was to use Squid as a transparent proxy. At firewall level, all the web traffic (as well as other protocols) is redirected to the Squid box. My firewall is based on pf. The traffic redirection is done via a simple rule:

  ...
  proxy_protocols = '{80, 443, 8080, 8000, 21}'
  int = "fxp0"
  # Redirect TCP traffic hitting these ports on the LAN interface to Squid (port 3128).
  # Note: 443 (TLS) and 21 (FTP) are not plain HTTP; a plain http_port intercept cannot
  # proxy them, Squid must be configured accordingly or those ports left out.
  rdr pass on $int inet proto tcp to any port $proxy_protocols -> $int port 3128
  ...

Step two, installation of SquidGuard. Squid has a nice feature called “URL rewriting”. You can pass all URLs processed by Squid to an external program.

  url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf

SquidGuard works like this: all URLs are passed to SquidGuard, which compares them against a database. If one of them matches a blacklist condition, a default URL is returned (which will display a warning or any other protection). SquidGuard is easy to compile and install, just follow the INSTALL file.

Step three, set up your policy. For a successful protection, SquidGuard must rely on a strong database. Two approaches are available: working with a whitelist or a blacklist. The first one is easier to build but very restrictive. Don’t forget that modern web services are often split across multiple platforms; it will quickly become a nightmare to maintain such a list. Blacklists contain a list of prohibited URLs. In this case, there is always a risk that new sites are not yet listed. My choice was to implement a blacklist. Here again, commercial lists are for sale on the Internet, but let’s try to keep the solution free of charge. After some investigation, I found a nice blacklist maintained by the University of Toulouse, France. The blacklist contains the following categories of “bad” sites:

Category            Referenced sites
adult                         996483
agressif                         340
audio-video                     1934
blog                             423
cleaning                         158
dangerous_material                38
drogue                           901
financial                         76
forums                           203
gambling                         717
hacking                          293
mobile-phone                      35
phishing                       63516
publicite                       1301
radio                            150
redirector                     51399
strict_redirector              51183
strong_redirector              51183
tricheur                          35
warez                            701
webmail                           86
games                           8443
mixed_adult                      107
filehosting                      732
reaffected                         8
sexual_education                  13
shopping                         137
dating                          3111
marketingware                    180
astrology                         25
sect                             144
celebrity                        642
manga                            596
child                             17
malware                       234609
press                             38
chat                             210
remote-control                    14

Another big advantage of this selection of sites: it contains lots of French websites (my daughters speak French). Once you have downloaded the blacklists and compiled them (to speed up the lookups), it’s time to create your policy. SquidGuard is powerful and can restrict/allow access based on the time, the source IP address or the authenticated user. In my home setup, the proxy is transparent. IP addresses are assigned via DHCP. By using fixed leases, it’s possible to allow all the traffic from those IP addresses. Here is a sample of my configuration:

  #
  # CONFIG FILE FOR SQUIDGUARD
  #
  dbhome /data/squid/squidGuard/db
  logdir /data/squid/log
  dest porn {
    domainlist      porn/domains
    urllist         porn/urls
    log             blocked.log
  }
  # --- All categories are configured as "porn" ---
  src trusted {
    ip 192.168.254.1-192.168.254.10
  }
  acl {
    trusted {
      pass all
    }
    default {
      pass !porn !agressif !astrology !celebrity !chat !child !dangerous_material \
           !dating !drugs !filehosting !financial !forums !gambling !games !hacking \
           !malware !manga !marketingware !mixed_adult !mobile-phone !phishing \
           !publicite !reaffected !redirector !remote-control !sect !sexual_education \
           !strict_redirector !strong_redirector !tricheur !warez !webmail all
      redirect http://proxy.home/block.php?clientaddr=%a&targetgroup=%t&url=%u
    }
  }

This configuration allows unrestricted access to the first 10 IP addresses of the subnet. All other users (dynamic IPs) have all the categories restricted. Blocked websites are logged to the “blocked.log” file. I don’t use authentication for two reasons: first, it’s not supported by Squid in transparent mode. Second, I don’t want a double authentication on the computer. When a URL is rejected by Squid/SquidGuard, the following page is displayed in the browser:

Blocked Site


To serve this page, a small Apache instance must be available in your network.

Step four, set up the alerts. Squid can now prevent my kids from accessing nasty content, but I don’t have time to keep an eye on the generated log file. Why not use OSSEC to notify me when a URL has been blocked? Here is an example of an event generated by SquidGuard:

2011-01-17 17:33:53 [9039] Request(default/porn/-) http://playboy.com/ 192.168.254.240/- - GET REDIRECT

Add the new logfile in the list of files to monitor at agent level and create a new alert:

  <!-- SquidGuard Alert -->
  <rule id="100026" level="7">
    <regex>^\d\d\d\d-\d\d-\d\d \d\d:\d\d:\d\d [\d+] Request\.</regex>
    <description>Unauthorized URL blocked by SquidGuard</description>
  </rule>
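OSSEC raises one alert per blocked request. For a weekly digest per child, the same log can be post-processed; the block below is an added example (not code from the original post, from SquidGuard or from OSSEC) that parses the SquidGuard request log format shown above, counts blocked requests per client and category, and carries the OSSEC rule’s pattern over to Python (in OSSEC regex syntax `\d+` is one or more digits and `\.` matches any character, so `[\d+] Request\.` matches `[9039] Request(`). The first sample line is the event quoted above; the other lines, including the non-request “noise” line, are constructed.

```python
"""Summarise SquidGuard block-log lines per client (added example)."""
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# 2011-01-17 17:33:53 [9039] Request(default/porn/-) http://playboy.com/ 192.168.254.240/- - GET REDIRECT
SQUIDGUARD_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \[(?P<pid>\d+)\] "
    r"Request\((?P<src>[^/]+)/(?P<dest>[^/]+)/(?P<rule>[^)]*)\) "
    r"(?P<url>\S+) (?P<client>[^/]+)/(?P<ident>\S*) (?P<user>\S+) "
    r"(?P<method>\S+) (?P<action>\S+)$"
)
# Python translation of the OSSEC <regex> above; OSSEC's \. is "any character"
OSSEC_RULE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \[\d+\] Request.")

# Constructed sample: line 1 is the event quoted in the post, the rest are made up.
SAMPLE_LOG = """\
2011-01-17 17:33:53 [9039] Request(default/porn/-) http://playboy.com/ 192.168.254.240/- - GET REDIRECT
2011-01-17 17:34:10 [9039] Request(default/gambling/-) http://casino.example/ 192.168.254.240/- - GET REDIRECT
2011-01-17 18:02:41 [9039] Request(default/porn/-) http://adult.example/x.jpg 192.168.254.241/- - GET REDIRECT
2011-01-17 18:02:42 [9039] New setting: logdir: /data/squid/log
"""


def parse_line(line):
    """Fields of one SquidGuard request line, or None for anything else."""
    m = SQUIDGUARD_RE.match(line.strip())
    return m.groupdict() if m else None


def matches_ossec_rule(line):
    """Would OSSEC rule 100026 fire on this line?"""
    return OSSEC_RULE_RE.match(line.strip()) is not None


def summarize(lines):
    """Per client: number of blocked requests, categories hit, hosts, time span."""
    report = defaultdict(lambda: {"blocked": 0, "categories": Counter(),
                                  "hosts": set(), "first": None, "last": None})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["action"] != "REDIRECT":
            continue  # not a blocked request (startup messages, pass-through lines)
        entry = report[rec["client"]]
        entry["blocked"] += 1
        entry["categories"][rec["dest"]] += 1
        entry["hosts"].add(urlsplit(rec["url"]).hostname or rec["url"])
        entry["first"] = entry["first"] or rec["ts"]
        entry["last"] = rec["ts"]
    return {
        client: {"blocked": e["blocked"], "categories": dict(e["categories"]),
                 "hosts": sorted(e["hosts"]), "first": e["first"], "last": e["last"]}
        for client, e in report.items()
    }


if __name__ == "__main__":
    for client, entry in summarize(SAMPLE_LOG.splitlines()).items():
        print(client, entry["blocked"], entry["categories"], entry["hosts"])
```

Run against `blocked.log` once a week (cron), this gives the conversation starter the post argues for: not “you were blocked”, but “which sites, which evening, and why”.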

This solution will keep your children away from most bad sites until… they find other ways to access online resources. Don’t underestimate them! Are you ready to play the cat & mouse game? ;-)

Web Scanning Comes to the Cloud…

iiScan is a new online vulnerability scanner for websites. It is developed by a Chinese company called NOSEC Technologies [Note: I find the name funny for a company which develops a security solution]. What’s new with iiScan? It is based on cloud computing!

The service is free but you have to register before being authorized to scan websites. The registration procedure is simple but requires an invitation code. Is it temporary or permanent? I don’t know. Invitation codes are quite easy to find on Twitter or security mailing lists. Every newly registered user gets five invitations to redistribute to friends.

Once logged in, the management interface is very simple. Three menus are available on the left:

  • Task Management – To create new tasks (scans) and manage them.
  • Domain Management – To manage your websites (called here “domains”).
  • User Management – To manage your account and invitations.

The procedure to scan a website is very simple. Step one, create the new domain (basically the URL you would like to scan). HTTP and HTTPS are supported, but I read posts on mailing lists reporting some problems with HTTPS. To complete the domain creation, a file called “test.txt” must be created in the root of your website. It must contain the hash code generated by iiScan. This is a protection to prevent abuse of the service (like unauthorized pentests against, or flooding of, other people’s sites).

Once the domain created, the second step is to create a new task. Here we can specify which type(s) of tests to conduct against the website:

  • All
  • Blind SQL Injection
  • CGI
  • Dir bruteforce
  • File Check
  • SQL Injection

Finally the defined task can be managed in the last step: To start or to stop a scan, to check its status and to display the final results. Reports are available in HTML or PDF formats.


The interface has a lot of translation problems. Often, Chinese characters are mixed with English words. In the reports, overviews are given in English but the details remain in Chinese (even if the visitor language can be selected at the bottom of the screen). I filed a bug report about this but still no feedback after two days.

But what about the quality of the scans? I executed two scans against personal websites. In the first one, a real problem was found (a file was still available after a software upgrade). The second scan gave bad results. Why? For every non-existing file (HTTP 404 error), the website redirected to the home page. This caused loops and I canceled the scan after 14 hours! Otherwise, apart from the unavoidable false positives, the scanner did its job quite well. Note that the scanner does not send requests in bursts, so as not to be too intrusive, and uses a specific user-agent (“Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727) NOSEC.JSky/1.0“). This is useful to review your logs and analyze the HTTP requests generated by the scanner. The iiScan website maintains statistics for your own scans but also global statistics:


To conclude, iiScan is a nice tool for webmasters who would like to test their websites. For those who need to conduct more targeted attacks, the classic tools remain mandatory!

There is no smoke without fire!

(Source: pcworld.com)

One more time, companies have asked the courts for help in fighting Google. This time, the Google Suggest tool is the target. This service is quite simple and you probably use it on a daily basis: when you type your search terms in the search engine, Google offers keyword suggestions in real time. Google Suggest is certainly not bullet-proof and can sometimes give funny results.

Funny or injurious results? Google has been convicted of insult by a French court (it looks like the French justice system is quite busy at the moment). The complainant company blamed Google for suggesting a combination of the company name and the word “arnaque” (“scam” in English). After some months of fighting between the parties, Google removed the association.

I won’t take sides in this story. Google can be the worst evil and I don’t know this French company. But, there is no smoke without fire! If Google suggested this query, it means that the Google bots found references in blogs and forums about this company and complaining customers. This reminds me of the story of the Belgian jeweler who got very bad publicity on the Internet a few months ago.

When will companies realize that the Internet is alive? The days of Dad’s static website containing only your own filtered information are over! Customers exchange information about your company on the Internet, and potential customers look for more information. Keep an eye on your online reputation!

Damn! I’ve been Discovered!

No, no, I didn’t perform a SQL injection attack against the FNAC website! ;-) (Thanks to Bart for the idea)