Recruitment Directory's Blog - Australia's #1 Recruitment Technology Blog!

Is your Job Site redirecting Candidates to insecure websites?

Author: Thomas Shaw
Date: 5:30pm Wednesday 07 October 2009


Have you ever clicked on what you thought was a safe website URL and then all of a sudden your browser/antivirus software blocks the webpage?

Every day, I am alerted to yet another recruitment website falling victim to some sort of security incident. If you own or manage a website, YOU are responsible for your website’s security and have an implied "duty of care" to provide safe 3rd party links.

Imagine this...

A user clicks on your job board's "Apply Now" button and is redirected to a 3rd party application form.

Unfortunately the website the user was redirected to is insecure and has been flagged as a badware site.

The user then completes the application form and attaches their resume containing personal details, bank account, visa, passport etc.


Guess what?

The user’s details have now been intercepted by another party and can now be used for fraud, identity theft etc. The user may have also downloaded or accepted infected documents.

To reduce the risk associated with 3rd party links, you SHOULD automatically check (wash) all your URL links (within the job advert or linkout URL), as well as the email address domain (@domain), against known malware or blacklists.

There are various enterprise programs available from security providers, but in this example we will focus on integrating with Google's Safe Browsing API.

The Google Safe Browsing API is an experimental service that allows you to check URLs against Google's constantly-updated blacklists of suspected phishing and malware pages.

If you use Firefox you would already be familiar with the malware or phishing warning screen that shows up when you visit suspicious sites. You will use this API to download an encrypted table for local, client-side lookups of URLs.

A small company can obtain an API key and query the Google Safe Browsing API directly. There is no need to maintain a local list of MD5 hashes. This approach is a lot simpler. Another advantage: you always use a fresh list of URLs (no 30 minute delay until the next execution of a cron job).

Making calls to the API is pretty straightforward. You first need to register with Google to get a developer key in order to access the service. Once you have done this you simply call a certain URL, which responds with a list of MD5 hash values of suspected malware sites.

It is important to note that, for privacy and security reasons, we are not directly comparing the real URL against another list of URLs. Instead we compare MD5 hashes (which, in theory, cannot practically be reversed back to the original URL string).

Step 1. Sign up for an API developer key

Step 2. Set up 2 tables in your local database to store the downloaded lists (see example code below).

Step 3. Create 2 pages google_malware.php & google_blacklist.php (see example code below). You will need to set up a cron job every 30 minutes to automatically download the updated lists.

Step 4. Create a script to check all your URLs (converting to md5) against the downloaded malware/black list on every update.

If the script finds a match between your website's data and the downloaded malware/black list you should immediately change the status of the job advert to "offline". Inform the advertiser of your findings and manually check the URL with your own browser.
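The Step 4 checker is not shown in the post, so here is an added example (not the post's code) written in Python so it runs stand-alone: it builds the host/path lookup expressions the Safe Browsing v1 protocol expects a client to hash, MD5s each one and looks it up. The hash set is constructed inline; in production it would be read from the google_malware / google_blacklist tables described above, and a plain MD5 of the whole advert URL would almost never match.

```python
import hashlib
from urllib.parse import urlsplit, unquote

def canonicalize(url):
    """Lower-case the host, strip trailing dots, drop empty/'.'/'..'
    path segments. The full Safe Browsing canonicalization also
    normalises percent-encoding and numeric hosts; omitted here."""
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").strip(".")   # hostname is lower-cased already
    segs = []
    for seg in unquote(parts.path).split("/"):
        if seg == "..":
            if segs:
                segs.pop()
        elif seg not in ("", "."):
            segs.append(seg)
    path = "/" + "/".join(segs)
    if segs and parts.path.endswith("/"):
        path += "/"
    return host, path, parts.query

def lookup_expressions(url):
    """Host/path combinations to hash: exact host plus up to 4 parent
    domains (never the bare TLD), crossed with path+query, the path and
    up to 4 directory prefixes starting at the root."""
    host, path, query = canonicalize(url)
    labels = host.split(".")
    hosts = [host] + [".".join(labels[i:])
                      for i in range(max(1, len(labels) - 5), len(labels) - 1)]
    dirs = [s for s in path.split("/") if s]
    if not path.endswith("/"):
        dirs = dirs[:-1]                         # last segment is a file, not a dir
    paths = ([path + "?" + query] if query else []) + [path] + \
            ["/" + "".join(d + "/" for d in dirs[:k]) for k in range(min(3, len(dirs)) + 1)]
    return list(dict.fromkeys(h + p for h in hosts for p in paths))  # dedupe, keep order

def md5_hex(expr):
    return hashlib.md5(expr.encode("utf-8")).hexdigest()

def is_flagged(url, hashes):
    """Return the first expression present in the downloaded hash set, else None.
    `hashes` stands in for SELECT malware_hash FROM google_malware."""
    for expr in lookup_expressions(url):
        if md5_hex(expr) in hashes:
            return expr
    return None

# Constructed sample list (not real Safe Browsing data): what the update feed
# would have delivered as "+<md5>" lines for these two entries.
FLAGGED = {md5_hex(e) for e in ("bad.example.org/", "cdn.example.net/downloads/")}

if __name__ == "__main__":
    for u in ("http://www.bad.example.org/apply/form.php?id=7",
              "http://example.net/downloads/setup.exe"):
        hit = is_flagged(u, FLAGGED)
        print(u, "->", "set advert OFFLINE, matched " + hit if hit else "clean")
```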


Create Database Tables

    CREATE TABLE IF NOT EXISTS google_malware (
        malware_hash CHAR(32) NOT NULL DEFAULT '',   -- an MD5 hex digest is 32 characters
        PRIMARY KEY (malware_hash)
    );

    CREATE TABLE IF NOT EXISTS google_blacklist (
        blacklist_hash CHAR(32) NOT NULL DEFAULT '',
        PRIMARY KEY (blacklist_hash)
    );


google_malware.php

    <?php
    $conn = mysql_connect('localhost', 'DATABASE_USERNAME', 'DATABASE_PASSWORD') or die(mysql_error());
    mysql_select_db('DATABASE_NAME') or die(mysql_error());

    $api_key = "GOOGLE_SAFE_BROWSING_API_KEY";
    $version_malware = "goog-malware-hash";
    $google_url = "http://sb.google.com/safebrowsing/update";

    // ################ MALWARE LIST DOWNLOAD ################
    // open the remote URL
    $target_mal = "$google_url?client=api&apikey=$api_key&version=$version_malware:1:-1";
    $handle_mal = fopen($target_mal, 'r') or die("Couldn't open file handle " . $target_mal);

    // populate the db
    if ($handle_mal) {
        while (!feof($handle_mal)) {
            // fgets keeps the trailing newline; strip it or the stored hash never matches
            $line_mal = trim(fgets($handle_mal));
            // ignore the header line (starts with '[') and blank lines
            if ($line_mal === '' || substr($line_mal, 0, 1) == '[') {
                continue;
            }
            $operation_mal = substr($line_mal, 0, 1);            // get the '+' or '-'
            $hash_mal = substr($line_mal, 1);                     // get the md5 hash
            $hash_mal = mysql_real_escape_string($hash_mal);      // just to be safe
            if ($operation_mal == '+') {
                // INSERT IGNORE so a hash that is already present does not abort the run
                $sql_mal = 'INSERT IGNORE INTO google_malware SET malware_hash = \'' . $hash_mal . '\'';
            } else {
                $sql_mal = 'DELETE FROM google_malware WHERE malware_hash = \'' . $hash_mal . '\'';
            }
            mysql_query($sql_mal) or die(mysql_error());
        }
        echo 'MALWARE table downloaded.';
        fclose($handle_mal);
    }
    mysql_close($conn);
    ?>


google_blacklist.php

    <?php
    $conn = mysql_connect('localhost', 'DATABASE_USERNAME', 'DATABASE_PASSWORD') or die(mysql_error());
    mysql_select_db('DATABASE_NAME') or die(mysql_error());

    $api_key = "GOOGLE_SAFE_BROWSING_API_KEY";
    $version_blacklist = "goog-black-hash";
    $google_url = "http://sb.google.com/safebrowsing/update";

    // ################ BLACK LIST DOWNLOAD ################
    // open the remote URL
    $target_bla = "$google_url?client=api&apikey=$api_key&version=$version_blacklist:1:-1";
    $handle_bla = fopen($target_bla, 'r') or die("Couldn't open file handle " . $target_bla);

    // populate the db
    if ($handle_bla) {
        while (!feof($handle_bla)) {
            // fgets keeps the trailing newline; strip it or the stored hash never matches
            $line_bla = trim(fgets($handle_bla));
            // ignore the header line (starts with '[') and blank lines
            if ($line_bla === '' || substr($line_bla, 0, 1) == '[') {
                continue;
            }
            $operation_bla = substr($line_bla, 0, 1);            // get the '+' or '-'
            $hash_bla = substr($line_bla, 1);                     // get the md5 hash
            $hash_bla = mysql_real_escape_string($hash_bla);      // just to be safe
            if ($operation_bla == '+') {
                // INSERT IGNORE so a hash that is already present does not abort the run
                $sql_bla = 'INSERT IGNORE INTO google_blacklist SET blacklist_hash = \'' . $hash_bla . '\'';
            } else {
                $sql_bla = 'DELETE FROM google_blacklist WHERE blacklist_hash = \'' . $hash_bla . '\'';
            }
            mysql_query($sql_bla) or die(mysql_error());
        }
        echo 'BLACKLIST table downloaded.';
        fclose($handle_bla);
    }
    mysql_close($conn);
    ?>



Direct URL: http://www.recruitmentdirectory.com.au/Blog/is-your-job-site-redirecting-candidates-to-insecure-websites-a275.html

Tags: vulnerability sql injection privacy mysql exploit encryption email database phishing blacklist malware md5 hash php script security safety recruitment website job board google safe browsing api hacking api identity theft
