10MinuteMail

/10MinuteMail

Interesting Phishing Technique

I got contacted today with a non-form e-mail from a person offering a partnership which would “highly increase your context advertisement block (adsense) earnings” on 10MinuteMail. Essentially saying that they could increase my ad revenue, and would do that for a share of the increased revenue.

Which sounds good as I was wondering if there was stuff I could be doing with layout or ad types to help increase clicks, except this was from a random guy at a gmx.com address, with no company name. Googling his name and e-mail address turned up nothing. So I replied asking for his company info or references, etc…

Sorry, but our company has no web
site.
You will easteablish our credibility during partnership with us.
Lets just try it first, ok?
Put this code between the body tags on your 10minutemail.com
main page only:
<img src=”some russian site” />
It is an 1*1px transparent image.

Supposedly after I do that I’ll see the result in a couple of days.

So wow, little warning bells are now big warning bells. Adding a web bug can’t impact your Google adsense revenue. Adding a web bug to your site from a domain name with no website that’s registered by someone in Russia seems like a TERRIBLE idea! So of course I said no.

What do you think? Some sort of XSS attack, or cookie attack? I’m just not sure what the end game would be on this…

10MinuteMail and Form Submission Charsets in Seam/JSF

I launched a minor update to 10MinuteMail.com last night. It contained:

  1. Changed the mail domain to owlpic.com
  2. Updated the Russian language translation (thanks to Vladimir)
  3. Fixed a bug where replying to an e-mail using a non-latin character set would result in an unreadable e-mail (also thanks to Vladimir for pointing this out)

This last issue was an odd one to fix, so I wanted to document it here (although the same fix can be found elsewhere on the net).

10MinuteMail.com is pretty well internationalized. The site content is translated into over 30 languages and the pages are served as UTF-8. Incoming e-mails are also displayed using UTF-8 and display non-latin character sets correctly. However, until this latest release, if you replied to an e-mail using non-latin characters, the resulting e-mail contained gibberish instead of the correct characters.

I started off by adding UTF-8 as the specified character set for outgoing e-mails. That didn’t help. I added UTF-8 encoding declaration attribute to the form element. That didn’t help. Finally after some frustration, googling, and trying a ton of things, I discovered that for some reason, and I”m not sure if the bug is in JBoss, JSF, Seam, or where exactly, but you have to set the request objects character encoding programmatically for each request, otherwise it will use the wrong encoding on the form contents and you end up with gibberish. The easiest way to solve this that I’ve found so far is to create a small Servlet Filter that sets the encoding on the request, and add that filter in before your Seam filter in your web.xml. It worked for me.

The filter:

[java] package com.digitalsanctuary.seam;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

/**
* The Class UTF8Filter.
*/
public class UTF8Filter implements Filter {

/** The Constant UTF_8. */
private static final String UTF_8 = "UTF-8";

/**
* Destroy.
*
* @see javax.servlet.Filter#destroy()
*/
public void destroy() {
}

/**
* Do filter.
*
* @param pRequest
* the request
* @param pResponse
* the response
* @param pChain
* the chain
* @throws IOException
* Signals that an I/O exception has occurred.
* @throws ServletException
* the servlet exception
* @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse,
* javax.servlet.FilterChain)
*/
public void doFilter(ServletRequest pRequest, ServletResponse pResponse, FilterChain pChain) throws IOException,
ServletException {
pRequest.setCharacterEncoding(UTF_8);
pChain.doFilter(pRequest, pResponse);
}

/**
* Inits the.
*
* @param arg0
* the arg0
* @throws ServletException
* the servlet exception
* @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
*/
public void init(FilterConfig arg0) throws ServletException {
}

}[/java]

An excerpt of web.xml:

[xml] ….
<filter>
<filter-name>UTF8 Filter</filter-name>
<filter-class>com.digitalsanctuary.seam.UTF8Filter</filter-class>
</filter>

<filter-mapping>
<filter-name>UTF8 Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<filter>
<filter-name>Seam Filter</filter-name>
<filter-class>org.jboss.seam.servlet.SeamFilter</filter-class>
</filter>

<filter-mapping>
<filter-name>Seam Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
….

[/xml]

Does anyone have a better fix or know exactly why this happens?

Don’t Cross the Streams!

It’s always funny when different aspects of your lives cross. For instance:

10MinuteMail is one of my projects, and Ulta is a contracting client I do a lot of work for. It’s just funny to see an Ulta ad on 10MinuteMail:)

DDOS Against 10MinuteMail

You may have noticed 10MinuteMail was unavailable for a few minutes over the last couple of days. 10MinuteMail recently came under a DDOS attack which locked up the site a few times. Most of the malicious traffic came from the Netherlands, Germany, and to a lesser extend other European countries and the USA. Initially I dealt with it by generating a list of the malicious IPs and adding them to my block list. However, the DDOS kept spreading (botnet?) so I finally did what I should have done ages ago, and tuned my CSF/IPTables firewall to block DDOS patterns. So far so good:)

I have NO IDEA why anyone would be attacking 10MinuteMail. It’s very odd.