Hey!

Today I was seeing my facebook’s timeline and I read this news: “Using Facebook Notes to DDoS any website” from chr13 website. It’s a ridiculous bug that facebook has. It consists in you just put an image from your target website in your facebook’s note.

Instead of facebook read the image and storage the md5 checksum from this file, it just ignores it when you put for example image.jpg?number=1, image.jpg?number=2, image.jpg?number=3. And belive, facebook’s servers is gonna download the files wherever you request.

So.. what’s the solution while facebook doesn’t fix it?

You can put the ip ranges from facebook servers in your iptables using -drop or -reject directive.

How to obtain the facebook’s server list? Just use the follow command and then use iptables to block every ip in the list:

<span class="pln">whois </span><span class="pun">-</span><span class="pln">h whois</span><span class="pun">.</span><span class="pln">radb</span><span class="pun">.</span><span class="pln">net </span><span class="pun">--</span><span class="str">'-i origin AS32934'</span><span class="pun">|</span><span class="pln"> grep </span><span class="pun">^</span><span class="pln">route</span>

iptables -A INPUT -s <span style="color: #ff0000;">IP_HERE</span> -j DROP

References:

https://developers.facebook.com/docs/ApplicationSecurity/

http://www.cyberciti.biz/faq/how-do-i-block-an-ip-on-my-linux-server/

http://chr13.com/2014/04/20/using-facebook-notes-to-ddos-any-website/

---

<< All Posts