StopBadware volunteer BadMal has been tracking a type of exploit that can affect sites on shared hosting services, and helping users in StopBadware's discussion group learn about keeping their sites and computers clean. He graciously offered to share his analysis and advice here. (Please note that guest blog posts are independently written by members of our community, and do not represent official positions of StopBadware.org.)

"Man-in-the-Middle Exploits; what they are and how to STOP them" by BadMal

Most of us defend our PCs, websites and servers with an increasing
variety of "anti" tools; however it is equally important to understand
how or where an assault comes from. So when personally considering
your own PC or Internet security this takes a proactive offensive view "I can do something to STOP..." rather than a passive "hiding in the
bunker " defensive position. The best form of defense is offence?

The main route for many web site hacks, defacement, and denial of
service (DDoS) attacks is Man-in-the-Middle (MITM) exploits. It is a
very easy concept to understand for all of us; consider an unknown
person is able to read, insert and modify at will, messages between
two parties without either party knowing that the link between them
has been compromised. It has a very techie background for those who
want to know more - check out Wikipedia for the background or
definitions. Here I will solely deal with a pragmatic approach of what
you can do to STOP any MTIM.

Firstly a healthy element of paranoia helps, consider from the PC you
are reading this article with, what possible connections are there?
Home or office network, local ISP, regional backbone routers,
international re-routers, DNS servers, server farms, ad networks, web
site host, and finally the web site, MITM could be lurking inside
anyone of these connections, points or nodes, and as we know so well
at StopBadware, within a script on a web site. Worried? Don't be; just
assume the MITM is there, you have the all the solutions at hand and
mostly free. The answer is in the technical background "cryptography",
i.e. encryption, passwords, Chmod (website file permissions), and
CAPTCHA (establishing the user is a human). Action checklist for all:

Email: use a digital ID or certificate (low cost), PGP encryption
(pretty good privacy - free), and as a surprise for sensitive email I
now use and recommend Gmail with HTTPS, less connections! All this
STOPS any MITM from being able to read your emails.

Web Surfing: Only access online shops or other personal ID sensitive
areas where there is HTTPS (SLL), look at the web address, use secure
and change your passwords regularly. If you really want to be in
control use Firefox with added extras e.g. No-Script (STOPS any
script, unless you say OK), Key Scrambler (encrypts any login or
password entry STOPS keyloggers), set your privacy options not to accept
any cookie (STOPS unwanted and bad cookies from being stored on your
PC), even consider using PHproxy (this STOPS a web site from even
gaining your real IP address).

Webmasters: Only use FTPS to transfer files between your web site and
the PC (this STOPS any MITM from intercepting data), use Chmod to
restrict access to files, encrypt file directories where you can,
apply different passwords to access cPanel, phpMyAdmin, use CAPTCHA
for user logins and apply SSL for user data areas (these actions STOP
any MTIM from gaining access to your files.

Blocking: Probably the best offensive action you can take, think of it
like this "your PC is your home your website is your shop, club, bar,
you have the total right to bar entrance to hooligans or thieves". It
is much easier to refuse entrance than to try and throw the unwanted
visitor out. For example use OpenDNS on your router it is free,
automatically STOPS phishing sites and many other blocking options.
Use banning lists on cPanel, ban spammers on your forum, or ask your
host for help.

Finally refuse to be a victim and hide in the bunker, STOP the MTIM
you actually have all the tools at hand. But…. what if a MITM is
already hiding inside before you go on the offensive? Check and clean
your PC of any BadWare; for the webmaster does your webhost also host
any bad guys? Easy to determine, check the latest block lists on the
web.

- BadMal

Thanks, BadMal! StopBadware welcomes guest post ideas from members of our volunteer community. If there's an issue in badware-fighting that you'd like to help us highlight here, contact us!