Researchers from watchTowr Labs have published the results of an experiment in taking over the legacy WHOIS service of the .MOBI domain zone registrar. The study was prompted by the registrar changing the address of its WHOIS service, moving it from the domain whois.dotmobiregistry.net to the new host whois.nic.mobi. At the same time, the dotmobiregistry.net domain fell out of use, and in December 2023 it was released and became available for registration.
The researchers spent $20 to buy this domain and then launched their own fake WHOIS service, whois.dotmobiregistry.net, on their own server. Surprisingly, many systems had not switched to the new host whois.nic.mobi and continued to use the old name. From August 20 to September 30 of this year, 4 million requests to the old name were recorded, sent from more than 2.5 thousand different systems.
The senders of these requests included mail servers of government and military organizations that checked the domains found in emails via WHOIS, security companies and security platforms (VirusTotal, Group-IB), as well as certificate authorities, domain verification services, SEO services, and domain registrars (for example, domain.com, godaddy.com, who.is, whois.ru, smallseo.tools, seocheki.net, centralops.net, name.com, urlscan.io, and webchart.org).
The ability to return arbitrary data in response to a request to the old WHOIS service of the .MOBI domain zone was used to construct several attacks on the requesters. The first attack was based on the assumption that anyone who keeps sending requests to a service that was replaced long ago is probably also using outdated tools that contain vulnerabilities.
For example, the CVE-2015-5243 vulnerability was identified in phpWHOIS in 2015; it allows an attacker's code to be executed when parsing specially crafted data returned by the WHOIS server. Another example is the CVE-2021-32749 vulnerability identified in 2021 in the Fail2Ban package, which allows external code to be executed when incorrect data is returned by the WHOIS service used while generating a blocking notification (Fail2Ban determined the administrator's email via WHOIS and passed it to the mail command without proper escaping of special characters).
The second attack stems from the fact that some certificate authorities offer the option of verifying domain ownership via the email address specified in the registrar's database, which is obtained over the WHOIS protocol. It turned out that several certificate authorities supporting this verification method continue to use the old WHOIS server for the ".MOBI" domain zone.
Thus, after gaining control of the name whois.dotmobiregistry.net, attackers can return their own data, pass verification, and obtain a TLS certificate for any domain in the .MOBI zone. For example, during the experiment the researchers requested a TLS certificate for the microsoft.mobi domain from the GlobalSign registrar, and the email "whois@watchTowr.com" returned by the fake WHOIS service was shown in the interface as an available address for sending the domain owner confirmation code.
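An added example, not from the article or from watchTowr: a Python check that compares the WHOIS server a client has hard-coded for each TLD with the host named in the `whois:` field of the IANA WHOIS record, which is how a leftover whois.dotmobiregistry.net entry would be caught. The client table and the IANA responses are constructed samples, the `key: value` response layout is an assumption, and the function names are illustrative.

```python
"""Audit a WHOIS client's hard-coded TLD server table against IANA referrals."""
import socket


def query_iana(tld, timeout=10.0):
    """Ask whois.iana.org (TCP port 43) for the TLD's record; needs network."""
    with socket.create_connection(("whois.iana.org", 43), timeout=timeout) as s:
        s.sendall(tld.encode("ascii") + b"\r\n")
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")


def norm(host):
    """Compare hostnames case-insensitively and without a trailing dot."""
    return host.strip().rstrip(".").lower()


def referral_server(response):
    """Return the host in the record's 'whois:' field, or None if absent."""
    for line in response.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "whois" and value.strip():
            return norm(value)
    return None


def audit(client_table, lookup=query_iana):
    """Return {tld: (configured, current)} for entries that disagree with IANA."""
    stale = {}
    for tld, configured in client_table.items():
        current = referral_server(lookup(tld))
        if current is None or norm(configured) != current:
            stale[tld] = (norm(configured), current)
    return stale


# Constructed sample data so the check runs offline.
SAMPLE_TABLE = {"mobi": "whois.dotmobiregistry.net", "example": "WHOIS.NIC.EXAMPLE."}
SAMPLE_IANA = {
    "mobi": "% constructed sample\ndomain:       MOBI\nwhois:        whois.nic.mobi\n",
    "example": "domain:       EXAMPLE\nwhois:        whois.nic.example\n",
}

if __name__ == "__main__":
    for tld, (old, new) in audit(SAMPLE_TABLE, SAMPLE_IANA.__getitem__).items():
        print(f".{tld}: client uses {old}, IANA lists {new}")
```

Calling `audit(table)` without the second argument performs live lookups against whois.iana.org instead of using the constructed responses.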

Source: opennet.ru
