Posted: Tue Sep 02, 2008 3:19 pm Post subject: Web exploit - how might this have happened?
We have fallen victim to a web security incident which has cost us a significant sum of money, and would appreciate views on the methods which may have been used to initiate this.
The incident involves unauthorised access to a web-based postcode lookup service which our customer-facing web applications use. Our web applications make calls to a third-party web service. These calls supply a 7-character postcode, and the web service responds with the associated street address. We are charged per transaction by the suppliers of this web service.
Last month the supplier notified us that an unusually large number of requests were being received, but from our development site's IP address, not our customer-facing web servers (which are externally hosted). The pattern of the requests suggested that some sort of "cleanse" operation was being done - e.g. someone validating a database of postcodes. Postcode lookups were being sent in alphabetical order - e.g. AB1 1AA, AB1 1AB, AB1 1AC, etc.
The obvious conclusion was that this had been kicked off by a developer, but we only have 3 developers and they have all denied knowledge of it.
Could anyone advise on the likelihood that this may have been the result of an external attack? How might someone have initiated this job and used our IP address to execute it?
What sort of measures would people recommend to further explore the source, and to prevent a recurrence?
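The request pattern described in the post (lookups arriving in alphabetical order from one source) can be checked for in lookup logs. The following is an added detection example, not part of the original post: it flags any source whose lookups step through successive postcodes. The log format, the addresses, the `min_run` threshold and all function names are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample log, "<timestamp> <source-ip> <postcode>"; every value is invented.
SAMPLE_LOG = """\
2008-08-01T10:00:01 192.0.2.10 SW1A 2AA
2008-08-01T10:00:05 198.51.100.7 AB1 1AA
2008-08-01T10:00:06 198.51.100.7 AB1 1AB
2008-08-01T10:00:07 198.51.100.7 AB1 1AC
2008-08-01T10:00:08 198.51.100.7 AB1 1AD
2008-08-01T10:00:09 192.0.2.10 M1 4BT
2008-08-01T10:00:10 198.51.100.7 AB1 1AE
2008-08-01T10:03:44 192.0.2.10 EH1 1YZ
"""

def next_postcode(pc):
    """Postcode that follows pc when its two trailing letters are counted up (AA, AB, ... AZ, BA)."""
    if len(pc) < 2 or not pc[-2:].isalpha():
        return None  # not in the expected "... 1AA" shape
    head, a, b = pc[:-2], pc[-2], pc[-1]
    if b != "Z":
        return head + a + chr(ord(b) + 1)
    if a != "Z":
        return head + chr(ord(a) + 1) + "A"
    return None  # ...ZZ: end of the sector, treated as a break in the run

def longest_sequential_run(postcodes):
    """Length of the longest stretch in which each lookup is the successor of the previous one."""
    best = run = 1 if postcodes else 0
    for prev, cur in zip(postcodes, postcodes[1:]):
        run = run + 1 if next_postcode(prev) == cur else 1
        best = max(best, run)
    return best

def flag_enumerating_sources(log_text, min_run=5):
    """Return {source_ip: longest_run} for sources with at least min_run successive lookups."""
    per_source = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue  # skip malformed lines
        _, src, postcode = parts
        per_source[src].append(" ".join(postcode.upper().split()))  # normalise case and spacing
    runs = {src: longest_sequential_run(pcs) for src, pcs in per_source.items()}
    return {src: n for src, n in runs.items() if n >= min_run}

if __name__ == "__main__":
    for src, n in flag_enumerating_sources(SAMPLE_LOG).items():
        print(f"{src}: {n} consecutive sequential lookups")
```

Run against the application's own outbound lookup log as well as the supplier's records, the same check shows whether the sequential calls passed through the application code or were made to the service directly.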