11-02-2015, 03:18 PM
What improvements have been made to the security used
for public instances?
At least one public instance has had a trojan dropper
installed. For the curious, look for the service "syshost32"
and a Windows firewall rule "core networking - ip stack".
The firewall rule allows any protocol, on any port and any
address. Translation: wide open.
The result will be lots of UDP traffic, presumably to
command and control centres.
The requirement that WebPageTest agents run with admin
permissions and wide open browser settings is no doubt
a huge security threat to the machine and the network it
sits on.
Less damaging, but still annoying, is seeing the machine
being abused by rapid-fire "tests" which are nothing more
than a means of driving up page views for small-time
web sites showing banners and YouTube videos.
So what can be done to secure a public instance to avoid
a repeat performance?
+++
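Added example, not part of the original post: a Python check over saved output of `netsh advfirewall firewall show rule name=all verbose` that flags enabled allow rules matching the post's description (any protocol, any port, any address) and the rule name it reports. The sample listing is constructed and abridged, and English field labels are assumed.

```python
import re
# Constructed, abridged sample in the layout printed by
# `netsh advfirewall firewall show rule name=all verbose` (not real output).
SAMPLE = """\
Rule Name:                            Core Networking - IP Stack
Enabled:                              Yes
RemoteIP:                             Any
Protocol:                             Any
Action:                               Allow

Rule Name:                            Web Server (HTTP-In)
Enabled:                              Yes
RemoteIP:                             Any
Protocol:                             TCP
LocalPort:                            80
Action:                               Allow
"""
NAME_FROM_POST = "core networking - ip stack"  # rule name reported in the post

def parse_rules(text):
    """Split the listing into one dict of lower-cased field names per rule."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"([^:]+):\s*(.*)$", line)  # blank lines do not match
        if m and m.group(1).strip().lower() == "rule name":
            rules.append({})
        if m and rules:
            rules[-1][m.group(1).strip().lower()] = m.group(2).strip()
    return rules

def is_wide_open(rule):
    """Enabled allow rule with any protocol, any port and any remote address."""
    fields = ("protocol", "remoteip", "localport", "remoteport")
    return (rule.get("enabled", "").lower() == "yes"
            and rule.get("action", "").lower() == "allow"
            and all(rule.get(f, "any").lower() == "any" for f in fields))

def audit(text):
    """Return {rule name: [reasons]} for rules that deserve a closer look."""
    findings = {}
    for rule in parse_rules(text):
        name = rule.get("rule name", "")
        if is_wide_open(rule):
            findings.setdefault(name, []).append("any protocol/port/address")
        if name.lower() == NAME_FROM_POST:
            findings.setdefault(name, []).append("name reported in the post")
    return findings
```

A rule that omits the port fields is treated as "any port", since the listing prints no port lines when the protocol is Any.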