danielcid's comments

Mostly because of sub domains. They are counting all the sub domains requests to give the top domains ranking.

Some of those have many trackers and background sub domains that add up.

For example, Linkedin their most popular sub domain is: px.ads.linkedin.com

Here is a more comprehensive list with top 10k domains (including sub domains):

https://dnsarchive.net/top-domains?rank=top10k

And they are often used with random sub domains as well (but they did not include sub domains in their list).

Ex:

https://dnsarchive.net/search?q=cmidphnvq.com

https://dnsarchive.net/search?q=xmqkychtb

https://dnsarchive.net/ipv4/34.126.227.30

I do the same. 3 different browsers: work, personal and random stuff. Keeping them isolated from each other clears the clutter and my focus when working.

They are also blocking noc.social (another mastodon instance). Wonder if more are impacted.

They are also blocking noc.social (another mastodon instance). Wonder if more are impacted.

And if you are having a hard time finding accounts there, I have been maintaining this tool:

https://search.noc.social/

to search for accounts across all instances.

Recently joined the decentralized social network and struggled to find people to engage and follow.

Since there is no centralization, could not find a easy way to search for accounts.

Built this little tool for myself mostly, but sharing as I think can be useful to others.

Feedback is more than welcome.

We are seeing attacks in the wild for it already. Mostly defacement attempts at the moment.

Marc, the researcher that found it, wrote the technical details here:

https://blog.sucuri.net/2017/02/content-injection-vulnerabil...

thanks,

I managed an open source project (OSSEC) for many years and this was a common question I would hear.

I gave some hints here: http://dcid.me/notes/2013-may-12

That I hope can be useful for you.

thanks,

That's a problem that will only get worse. To give an example, last year, Incapsula recorded ~9,000 IoT cameras attacking them. A few months ago, Sucuri recorded ~25,000.

CloudFlare is seeing close to 50k. And that's the attackers just using a small portion of their real power for http floods.

Our report from a few months ago breaking down the types of cameras and networking doing the attack - very similar to what CloudFlare saw:

https://blog.sucuri.net/2016/06/large-cctv-botnet-leveraged-...

*I work at Sucuri.

Very fun read. I love following the train of thought and seeing where they "failed".

Also, this Elasticsearch RCE has been patched a while ago and we still see a lot of servers hacked because of it. In fact, there is a DDoS botnet made of only ES servers that we have been tracking.

<unrelated>If you are using Elasticsearch, please patch it!</unrelated>

Good (related) read about this vulnerability by the Trustwave team:

https://www.trustwave.com/Resources/SpiderLabs-Blog/Joomla-S...

Curious why you say that of Sucuri? Have you tried us recently?

We have some very very large sites using our services now with great performance. During the last 6-12 months we basically rewrote our entire stack, built our anycast network and focused a lot on performance optimization and expanding out services.

You can ping me directly if you prefer too.

thanks!

Daniel Cid (CTO/Founder of Sucuri)