Commission Junction Security Hole Discovered

Jul 22, 2005 - 4:28 pm 0 by

T0PS3O sent me a PM about this thread at DigitalPoint forums. The thread uncovers a security loophole in CJ's template repository management system. It was discovered when a DigitalPoint member asked;

When I check my site log stat. I found this dns ace.cj.com with ip address 216.34.209.23. It crawl every pages of my site. Are you familiar with it?

After more digging, one found the issues:

1. They have this machine publicly-accessible (it's not their main web server, somebody actually put in on the outside). 2. This apparently wasn't enough publicity for them and somebody ran/running a crawler on this machine, which identifies the machine to all the sites it's visiting. 3. There's no authentication of any kind for this system.

More information at the DigitalPoint thread.

 

Popular Categories

The Pulse of the search community

Search Video Recaps

 
- YouTube
Video Details More Videos Subscribe to Videos

Most Recent Articles

Search Forum Recap

Daily Search Forum Recap: April 22, 2025

Apr 22, 2025 - 10:00 am
Google Ads

Google To Allow Same Advertiser To Show Ads In Top Ads & Bottom Ads

Apr 22, 2025 - 7:51 am
Google

Google Tests Shaded Blue Gradient Site Name & Favicon

Apr 22, 2025 - 7:41 am
Google Maps

Google Local Panel Tests Get There & From Your Location

Apr 22, 2025 - 7:31 am
Bing Search

Bing Copilot Answers Tests Read More Link

Apr 22, 2025 - 7:21 am
Google Ads

Google Ads PMax Campaigns 90 Characters Of Text For All Descriptions

Apr 22, 2025 - 7:11 am
Previous Story: Brazilian Use Orkut as Drug Selling Network