Comments on blogs and its Security Threats

Well!!! comments are indeed a very vital and encouraging factor for each and every blogger.We also comment on blogs/sites of our niche and it is also recommended to comment on atleast 10-12 blogs/sites each day.But while commenting we tend to forget the security threats we may encounter while commenting on a site or blog.A simple comment that you drop on a blog/site can endup in compromising your box.So,in this post I will try to bring out the security threats you may encounter while commenting on a blog/site.
Nowadays almost all web pages have their own Ipaddress tracking mechanism or any third party tracking mechanism installed by which they can track the visitors.

Suppose that you comment on a blog/site with your naked Ipaddress(without hiding or masking) then it get logged with the administrator along with the OS you are using and the browser version and many more.These facts when exposed to someone can certainly be very risky and dangerous.The attacker may use the following steps to get into your box

1.FootPrinting: Gaining necessary information about the box

2.Port Scanning: Scanning for the open ports.

3.Banner Grabbing: Get the version about a desired service running on the box.

4.Vulnerability search: Search an exploit for the a particular version of a desired service.

5.Use exploit to penetrate: Use the exploit to get in the box and own it.

Suppose you are commenting on a Wordpress blog see what information the admin logs about you,as shown in the screenshot below.
(WordPress Account screenshot)

In the above screenshot you can see the admin gets your browser details along with your Ipaddress.

Similar if you are commenting on a Blogger blog with a third party tracking tool installed then see the below screenshot below.
(Blogger third party tracking Tool)

Suppose the admin have your Ipaddress he/she can follow the above mentioned steps,below I have shown only the portscanning with Nmap and see how it reveals the opened ports on the target.
(Nmap Screenshot:Port Scanning)

Countermeasures:
 So I recommend while commenting on any webpage do use a VPN or Proxy(Socks is good) to mask your real Ipaddress.
Comments on blogs and its Security Threats Comments on blogs and its Security Threats Reviewed by Satyajit (Admins,a.k.a Satosys) on Wednesday, December 29, 2010 Rating: 5

10 comments:

Rakesh Kumar said...

Well, i was not aware from these threats. Thanks for updates.

Saket Jajodia said...

So how can we keep our self safe from this?

Rafay said...

Open proxies such as socks and https type proxies are a good option but some times they are opened for a specific purpose and some of them are actually honey pots used to monitoring purposes, So they are not a good option to use, VPN are good options but they slow your Internet speed, The best way to avoid these types of attacks is to keep your system upto date install latest updates and Use a good Firewall

Rafay Baloch

Satyajit (Admins,a.k.a Satosys) said...

@Saket Its simple be always with latest software and firewall and do mask your naked ipaddress when ever you comment on any page.... :)

@Rafay yeah I agree with you....firewall is a must....and masking of naked ipaddress can add an extra level of security... :)

keep visiting.

Saket Jajodia said...

@Satyajit How do I mask them?

Satyajit (Admins,a.k.a Satosys) said...

@Saket you can use any proxy tool or a VPN.... :)

ananthnag said...

You mentioned some good points out there and yeah they are worth following...thanks for this post...keep writing

silvia said...

I didn't new that and often do a lot...Thank you sir for your good guide:-)

Sigorta Hesaplama said...

Good write is Like...

rahul said...

sir
how can we know whether its safe to comment on a website or not?? is there any specific method or code and any particular precaution that could be taken to avoid these attacks.

Powered by Blogger.