Researchers from watchTowr Labs have published the results of an experiment in which they took over the legacy WHOIS service of the .MOBI domain registry. The study was prompted by the registry's change of WHOIS service address: it moved from whois.dotmobiregistry.net to the new host whois.nic.mobi. At the same time, the dotmobiregistry.net domain fell out of use, and in December 2023 it was released and became available for registration.
The researchers paid $20 to buy the domain and then stood up their own spoofed WHOIS service at whois.dotmobiregistry.net on their server. Surprisingly, many systems had not switched to the new host whois.nic.mobi and were still using the old name. From August 30 to September 4 of this year, 2.5 million requests to the old name were recorded, sent from more than 135 thousand distinct systems.
Senders of these requests included mail servers of government and military organizations that check domains appearing in emails via WHOIS, security companies and security services (VirusTotal, Group-IB), as well as certificate authorities, domain verification services, SEO services, and domain registrars (for example, domain.com, godaddy.com, who.is, whois.ru, smallseo.tools, seocheki.net, centralops.net, name.com, urlscan.io, and webchart.org).
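The stale clients described above are only visible to the organizations that own them. The following added example (written for this page, not code from watchTowr or the registry) shows how a defender can check their own estate: it parses resolver query-log lines and reports which internal clients still resolve the retired host. The log lines are constructed samples in BIND querylog style, and the regular expression and function names are this example's own assumptions.

```python
import re
from collections import Counter
from typing import Dict, List

# Hostnames named in the article: the retired host that stale clients still
# query, and the registry's current host (listed so migration status can be reported).
LEGACY_WHOIS_HOST = "whois.dotmobiregistry.net"
CURRENT_WHOIS_HOST = "whois.nic.mobi"

# Constructed sample lines in BIND "querylog" style (illustrative, not captured
# from any real resolver).
SAMPLE_QUERY_LOG = """\
30-Aug-2024 10:01:02.123 client @0x7f 10.0.0.12#51234 (whois.dotmobiregistry.net): query: whois.dotmobiregistry.net IN A + (10.0.0.1)
30-Aug-2024 10:01:03.456 client @0x7f 10.0.0.44#41000 (whois.nic.mobi): query: whois.nic.mobi IN A + (10.0.0.1)
30-Aug-2024 10:02:09.789 client @0x7f 10.0.0.12#51240 (whois.dotmobiregistry.net): query: whois.dotmobiregistry.net IN AAAA + (10.0.0.1)
30-Aug-2024 10:03:00.000 client @0x7f 10.0.0.77#53001 (www.example.mobi): query: www.example.mobi IN A + (10.0.0.1)
30-Aug-2024 10:04:11.222 client @0x7f 10.0.0.90#49152 (whois.dotmobiregistry.net): query: whois.dotmobiregistry.net IN A + (10.0.0.1)
"""

# Assumed line shape: "client [@0x...] <ip>#<port> (...): query: <qname> IN <qtype> ..."
_QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ .*?query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def parse_query_log(text: str) -> List[Dict[str, str]]:
    """Turn query-log lines into records; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        match = _QUERY_RE.search(line)
        if match:
            rec = match.groupdict()
            # Normalise the queried name: lower-case, no trailing dot.
            rec["qname"] = rec["qname"].lower().rstrip(".")
            records.append(rec)
    return records


def clients_querying(records: List[Dict[str, str]], host: str) -> Counter:
    """Count, per client IP, how often a given hostname was looked up."""
    return Counter(rec["ip"] for rec in records if rec["qname"] == host.lower())


def migration_report(records: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Summarise which clients still use the legacy host and which use the current one.

    A client listed under 'legacy_clients' needs its WHOIS configuration or
    library updated; a domain-checking mail filter or monitoring tool is the
    usual culprit.
    """
    return {
        "legacy_clients": sorted(clients_querying(records, LEGACY_WHOIS_HOST)),
        "current_clients": sorted(clients_querying(records, CURRENT_WHOIS_HOST)),
    }


if __name__ == "__main__":
    recs = parse_query_log(SAMPLE_QUERY_LOG)
    print(migration_report(recs))
```

Run against a real resolver's query log, the `legacy_clients` list is the set of hosts to audit; the retired name should eventually resolve to nothing you control, so every remaining lookup is a client that will trust whatever the domain's new owner serves.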
The ability to return arbitrary data in response to requests to the old WHOIS service for the .MOBI zone was used to develop several kinds of attacks against the requesting clients. The first attack rests on the assumption that if someone keeps sending requests to a service that was replaced long ago, they are probably doing so with outdated software that contains vulnerabilities.
For example, vulnerability CVE-2015-5243, identified in phpWHOIS in 2015, allows attacker-supplied code to be executed when specially crafted data returned by a WHOIS server is parsed. Another example is CVE-2021-32749 in the Fail2Ban package, which allows remote code execution when malformed data is returned by the WHOIS service used while generating a ban notification (Fail2Ban determined the host administrator's email via WHOIS and passed it when running the mail command without properly escaping special characters).
The second attack relies on the fact that some certificate authorities offer domain ownership verification through the email address listed in the registrar data available via WHOIS. It turned out that several certificate authorities supporting this verification method were still using the old WHOIS server for the .MOBI zone.
Consequently, having gained control of the whois.dotmobiregistry.net name, attackers could substitute their own data, pass the verification, and obtain a TLS certificate for any domain in the .MOBI zone. For example, during the experiment the researchers requested a TLS certificate for the domain microsoft.mobi from GlobalSign, and the email "whois@watchTowr.com" returned by the spoofed WHOIS service was offered in the interface as an address to which the domain ownership verification code could be sent.
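Both failure modes in the article, hard-coded legacy WHOIS hostnames and WHOIS responses handed unchecked to parsers or shell commands, have the same defensive shape. The added example below (this page's own illustration, not code from watchTowr, Fail2Ban, phpWHOIS or any CA) discovers the registry's current WHOIS server through the IANA referral for the TLD instead of a built-in host list, and treats the response as untrusted before extracting a contact email. The hostnames, field names, regular expression and sample responses are assumptions constructed for the example; the network helper is never called by the offline checks.

```python
import re
import socket
from typing import Optional

# Assumed for this example: IANA's TLD database WHOIS server and the RFC 3912 port.
IANA_WHOIS = "whois.iana.org"
WHOIS_PORT = 43

# Constructed IANA-style referral record for a fictitious TLD (not a real record).
SAMPLE_IANA_REFERRAL = """\
% IANA WHOIS server
domain:       EXAMPLE
organisation: Example Registry
whois:        whois.nic.example
status:       ACTIVE
"""

# Constructed registry responses: one well-formed, one carrying a line that a
# mail(1)-style tilde escape would interpret as a command.
SAMPLE_GOOD_RESPONSE = """\
Domain Name: example.mobi
Registrar: Example Registrar
Registrant Email: hostmaster@example.com
"""

SAMPLE_BAD_RESPONSE = """\
Domain Name: example.mobi
~!constructed-tilde-escape-line
Registrant Email: hostmaster@example.com
"""

_EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}\.[A-Za-z]{2,63}")
_CONTACT_KEYS = {"registrant email", "admin email", "tech email"}


def whois_raw(server: str, query: str, timeout: float = 10.0) -> str:
    """Send one WHOIS query (RFC 3912) and return the raw text. Network only."""
    with socket.create_connection((server, WHOIS_PORT), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def parse_iana_referral(text: str) -> Optional[str]:
    """Return the 'whois:' host from an IANA TLD record, or None if absent.

    Resolving the server per lookup (rather than baking in a hostname) is what
    prevents a client from following a registry's old name after it is retired.
    """
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "whois":
            host = value.strip().lower()
            if re.fullmatch(r"[a-z0-9.-]+", host):
                return host
    return None


def authoritative_whois_server(domain: str) -> Optional[str]:
    """Look up the current registry WHOIS server for a domain's TLD via IANA."""
    tld = domain.rstrip(".").rsplit(".", 1)[-1]
    return parse_iana_referral(whois_raw(IANA_WHOIS, tld))


def response_is_safe(text: str) -> bool:
    """Reject responses a downstream consumer might misinterpret.

    Refuses control characters (other than tab) and lines beginning with '~',
    which interactive mail clients treat as escape commands. Anything failing
    this check must not reach a shell, a mail command or a lenient parser.
    """
    for line in text.splitlines():
        if line.startswith("~"):
            return False
        if any(ord(ch) < 0x20 and ch != "\t" for ch in line):
            return False
    return True


def extract_registrant_email(text: str) -> Optional[str]:
    """Pull a contact email out of a registry response only if the whole
    response is safe and the value is a strictly formed address."""
    if not response_is_safe(text):
        return None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() in _CONTACT_KEYS:
            candidate = value.strip()
            if _EMAIL_RE.fullmatch(candidate):
                return candidate
    return None
```

Even with both checks, a WHOIS contact address remains a weak proof of domain control: the registry's answer is delivered over an unauthenticated TCP session to whatever host the name currently points at, which is exactly what the experiment exploited. Use it as an input to be validated, never as a trust anchor on its own.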

Source: opennet.ru
