• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Web exploit - how might this have happened?

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Exploits // System Weaknesses

View previous topic :: View next topic  
Author Message
itm
Just Arrived
Just Arrived


Joined: 02 Sep 2008
Posts: 0


Offline

PostPosted: Tue Sep 02, 2008 3:19 pm    Post subject: Web exploit - how might this have happened? Reply with quote

We have fallen victim to a web security incident which has cost us a significant sum of money, and would appreciate views on the methods which may have been used to initiate this.

The incident involves unauthorised access to a web-based postcode lookup service which our customer-facing web applications use. Our web applications make calls to a third-party web service. These calls supply a 7-character postcode, and the web service responds with the associated street address. We are charged per transaction by the suppliers of this web service.

Last month the supplier notified us that an unusually large number of requests were being received, but from our development site's IP address, not our customer-facing web servers (which are externally hosted). The pattern of the requests suggested that some sort of "cleanse" operation was being done - e.g. someone validating a database of postcodes. Postcode lookups were being sent in alphabetical order - e.g. AB1 1AA, AB1 1AB, AB1 1AC, etc.

The obvious conclusion was that this had been kicked off by a developer, but we only have 3 developers and they have all denied knowledge of it.

Could anyone advise on the likelihood that this may have been the result of an external attack? How might someone have initiated this job and used our IP address to execute it?

What sort of measures would people recommend to further explore the source, and to prevent a recurrence?
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Exploits // System Weaknesses All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register