Abaphandi abasuka kwi-watchTowr Labs bapapashe iziphumo zovavanyo olubandakanya ukubanjwa kwenkonzo ye-WHOIS yakudala evela kwi-.MOBI domain registrar. Isizathu sokufunda kukuba umbhalisi watshintsha idilesi yenkonzo ye-WHOIS, eyisusa kwi-domain whois.dotmobiregistry.net ukuya kwi-host host entsha whois.nic.mobi. Ngelo xesha, isizinda se-dotmobiregistry.net sayeka ukusetyenziswa kwaye ngoDisemba 2023 yakhululwa kwaye yafumaneka ukuba ibhaliswe.
Abaphandi bachitha i-$ 20 kwaye bathenga le sizinda, emva koko baqalisa inkonzo yabo ye-WHOIS ekhohlisayo whois.dotmobiregistry.net kwiseva yabo. Yintoni eyayimangalisa kukuba ezininzi iinkqubo azizange zitshintshe kwi-host host entsha whois.nic.mobi kwaye zaqhubeka nokusebenzisa igama elidala. Ukususela ngo-Agasti 30 ukuya kuSeptemba 4 kulo nyaka, izicelo ze-2.5 yezigidi zegama elidala zirekhodwa, zithunyelwe kwiinkqubo ezizodwa ezingaphezu kwe-135 lamawaka.
Phakathi kwabathumeli bezicelo kwakukho neposi iiseva imibutho karhulumente neyemikhosi ejonge iidomeyini ezibonakala kwii-imeyile nge-WHOIS, iinkampani zokhuseleko kunye namaqonga okhuseleko (iVirusTotal, iQela-IB), kunye namagunya okuqinisekisa, iinkonzo zokuqinisekisa idomeyini, iinkonzo ze-SEO, kunye nababhalisi bedomeyini (umz., i-domain.com, i-godaddy.com, i-who.is, i-whois.ru, i-smallseo.tools, i-seocheki.net, i-centralops.net, i-name.com, i-urlscan.io, kunye ne-webchart.org).
Ukukwazi ukuthumela nayiphi na idatha ekuphenduleni isicelo kwinkonzo endala ye-WHOIS yendawo ye-.MOBI yommandla wasetyenziselwa ukuphuhlisa iindidi ezininzi zokuhlaselwa kwabaceli. Uhlaselo lokuqala lwalusekwe kwingcinga yokuba ukuba umntu uyaqhubeka nokuthumela izicelo kwinkonzo ethathelwe indawo ixesha elide, kusenokwenzeka ukuba bakwenza oko besebenzisa izixhobo eziphelelwe lixesha eziqulathe ubuthathaka.
Ngokomzekelo, kwi-phpWHOIS kwi-2015, ubuthathaka be-CVE-2015-5243 ichongiwe, evumela ukuba ikhowudi yomhlaseli iqhutywe xa kucazululwa idatha efomathiweyo ngokukodwa ebuyiselwe ngumncedisi we-WHOIS. Omnye umzekelo kukuchaphazeleka kwe-CVE-2021-2021 echongiweyo kwi-32749 kwiphakheji ye-Fail2Ban, evumela ukuba ikhowudi yangaphandle iqhutywe xa idatha engachanekanga ibuyiswa yinkonzo ye-WHOIS esetyenziswe kwinkqubo yokuvelisa isilumkiso sokuthintela (Fail2Ban inqume i-imeyile yomlawuli womkhosi. nge-WHOIS kwaye uyikhankanye xa usebenzisa i-imeyile yomyalelo ngaphandle kokubaleka okufanelekileyo kwabalinganiswa abakhethekileyo).
Uhlaselo lwesibini lusekelwe kwinto yokuba ezinye iziphathamandla zokuqinisekisa zinika amandla okuqinisekisa ubunini besizinda nge-imeyile echazwe kwi-database yobhaliso lwesizinda, efikeleleke nge-WHOIS protocol. Kwavela ukuba iziphathamandla ezininzi zokuqinisekisa ezixhasa le ndlela yokuqinisekisa ziyaqhubeka nokusebenzisa iseva ye-WHOIS endala ye-domain ".MOBI" yendawo.
Ngoko ke, emva kokuba befumene ulawulo phezu kwegama elithi whois.dotmobirigistry.net, abahlaseli banokufumana idatha yabo, benze uqinisekiso, baze bafumane Isatifikethi se-TLS kuyo nayiphi na idomeyini ekwindawo ye-.MOBI." Umzekelo, ngexesha lovavanyo, abaphandi bacele isatifikethi se-TLS sedomeyini ye-microsoft.mobi kumbhalisi we-GlobalSign, kwaye i-imeyile ethi "whois@watchTowr.com" ebuyiswe yinkonzo ye-WHOIS yobuxoki yaboniswa kwi-interface njengoko ifumaneka ukuthumela ikhowudi yokuqinisekisa ubunini bedomeyini.
umthombo: opennet.ru
