Can you trust it?

by Joaquin F. Telco CEO
Let me start this article with a quick question:

Would you buy a miracle hair-saving product from a bald guy?

I continuously get offers to promote my site, to get extra cash, to participate in a new social media site, etc.

But when I go a step further and let myself be skeptical, I discover the untrustworthy offers.

The last one I got was from a site that is a few months old, does not have enough pages indexed by Google, and has no RDNS,
offering me viral solutions to promote my websites.
First doubt: why don't they use their fantastic services to promote themselves?

So, tired of these offers, I decided to write this article. I am not telling you they are all fakes or scams, but take care and
do a little research before you give them even your email address.

Others are like a very nice new social media site (Xenzuu), which uses a mail server for email validation
that has been blacklisted in DNSBLs (https://www.dnsbl.info), so I am not able to receive that email from the kunderserver.de
SMTP server, and of course I am not going to add them to my SMTP whitelists!!!

Here is a summary of things you can check by yourself:

1. Check RDNS (reverse DNS)
   Open an xterm, MS-DOS console or similar on your computer and type:
   ping DOMAIN_TO_INVESTIGATE.xxx
   You will see its IP address, even if they don't allow ICMP traffic.

   Now type:
   host IP_YOU_GOT

   If they have RDNS you will see a name related to their domain name.
   If they lack RDNS you will see their provider's name, an arbitrary name or, even worse, an EMPTY value.


2. Check how old the domain name is:
   Type:
   whois DOMAIN_TO_INVESTIGATE.xxx
   Check the Creation Date value.


3. Check who hosts it and where
   Type:
   whois IP_YOU_GOT
   Is it a cheap provider? Is it a USA company hosted in China?
   Does it have its own IP address, or is it sharing a cheap service provider's IPs?


4. Check how popular it is:
   Open your browser and go to Google.
   Now search "site:DOMAIN_TO_INVESTIGATE.xxx"
   You will get back how many pages they have indexed.
   Oops, they have no more than a few? Bad.

   Next, go to SEMRUSH, Majestic, Alexa and other online metrics tools and check the same domain name.
   You may discover that what they said was a viral site is really getting very little traffic.


5. Does it have a public SSL certificate? What class of certificate?
   If the web site has HTTPS in front of it, they are using an SSL certificate.
   If the SSL icon in your web browser appears OK, then it seems to be a certificate validated by a public CA.
   But you can get a cheap DV (Domain Validation), a more expensive OV (Organization Validation) or an even more expensive EV class certificate.

   As you may already assume, DV only says that this is the domain; it certifies nothing about its owner, the company, or who is behind that domain name.

   Click on the SSL icon in your browser and then click on "View Certificate" and you will see who is who.

   If you are in a shell, you can also issue this command:

   openssl s_client -showcerts -connect DOMAIN_NAME:443

   to collect the full certificate information.

   Of course, for sites offering low-value items you can accept a DV certificate, but in general, for e-commerce, at least OV must be required so that you know they are who they say they are.

6. Check the server's "health".
   Many novice people set up a server from a typical Ubuntu or other Linux distribution, but not only do they not care about regulatory compliance, they don't even take any security measures.

   These sites are probably also collecting info from you, even if it is only your email.

   I have faced cases where, for just pre-signing in (and never confirming my email later), I got spam to that email. Note that I created this email just to check this, so it is not possible that other spammers already knew it in just 2 days.

   One excellent tool is NMAP.
   Go to https://nmap.org/ and download it if you don't already have it.

   Then you can scan the ports and services on the target server by just running:

   nmap DOMAIN_TO_INVESTIGATE.xxx

   Novice and cheap operators will give you all their server info, even with very interesting open ports to try an attack on.

   The next thing you can check is the server UPTIME, that is, the time since the server's last reboot.
   It is normal for sites to need a reboot sometimes, but the longer the UPTIME, the more stable the site.
   Don't panic if you see an uptime of just 2 days when the average uptime for that site is 1 year!!!

All these 6 checks are the MOST IMPORTANT; failing just ONE of them may be enough not to trust the site.
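
The reading of checks 1, 2 and 5 can be scripted. The following is an added example, not part of the original article: three parsers that classify the output of host, whois and openssl. The function names are hypothetical, the sample outputs are constructed, and the certificate class is read from the CA/Browser Forum policy OID.

```shell
# Added example: parsers for the output of checks 1, 2 and 5 (no network access).
# Live use, with your own DOMAIN and IP:
#   host IP | rdns_class DOMAIN
#   whois DOMAIN | domain_age_months "$(date +%Y-%m-%d)"
#   openssl s_client -connect DOMAIN:443 -servername DOMAIN </dev/null 2>/dev/null |
#     openssl x509 -noout -text | cert_class

# Check 1: "match" if a PTR name is the domain or a host under it,
# "provider" if a PTR exists but points elsewhere, "empty" if there is none.
rdns_class() {
  awk -v d="$1" '
    / domain name pointer / {
      found = 1; ptr = tolower($NF); sub(/\.$/, "", ptr)
      if (ptr == d || substr(ptr, length(ptr) - length(d)) == "." d) ok = 1
    }
    END { if (ok) print "match"; else if (found) print "provider"; else print "empty" }'
}

# Check 2: months between the first "Creation Date:" line and TODAY (YYYY-MM-DD).
# Assumes an ISO date as the last field; label and format vary between registries.
domain_age_months() {
  awk -v today="$1" '
    tolower($0) ~ /creation date:/ && !seen {
      seen = 1; split($NF, c, /[-T]/); split(today, t, "-")
      months = (t[1] - c[1]) * 12 + (t[2] - c[2]); print months
    }'
}

# Check 5: validation class from the CA/Browser Forum policy OID in the certificate.
cert_class() {
  awk '
    /Policy: 2\.23\.140\.1\.1[ \t]*$/    { c = "EV" }
    /Policy: 2\.23\.140\.1\.2\.2[ \t]*$/ { c = "OV" }
    /Policy: 2\.23\.140\.1\.2\.1[ \t]*$/ { c = "DV" }
    END { print (c == "" ? "unknown" : c) }'
}

# Constructed sample outputs (documentation names and addresses, not real captures).
HOST_OK='10.2.0.192.in-addr.arpa domain name pointer mail.example.com.'
HOST_ISP='10.2.0.192.in-addr.arpa domain name pointer static-10.cheap-host.example.net.'
HOST_NONE='Host 10.2.0.192.in-addr.arpa. not found: 3(NXDOMAIN)'
WHOIS_NEW='   Creation Date: 2017-11-02T10:15:00Z'
CERT_DV='            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1'

printf '%s\n' "$HOST_ISP" | rdns_class example.com          # provider
printf '%s\n' "$WHOIS_NEW" | domain_age_months 2018-02-10    # 3
printf '%s\n' "$CERT_DV" | cert_class                        # DV
```

A PTR match only means something if that name also resolves back to the same IP, since whoever controls the address block sets the PTR record.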
  
If you need more checks, don't hesitate to ask me and I will expand on how the site is built (are they using frameworks for the unskilled or are they really programming the site), checking network performance, even installing tcpdump, Wireshark, Suricata, Snort and other traffic analyzers to show you whether a site is injecting traffic into you from other, maybe malicious, sites or sending traffic from you to them, etc.

I hope this article helps you choose who to trust and who to blame.




About Joaquin F. Advanced   Telco CEO

Joined APSense since, December 16th, 2017, From Sevilla, Spain.

Created on Feb 10th 2018 13:53. Viewed 1,340 times.
