Select Website 

Recruitment Directory's Blog - Australia's #1 Recruitment Technology Blog!

Back to Menu Back to Menu

Is your Job Site redirecting Candidates to insecure websites?

Posted By: Thomas Shaw, 5:30pm Wednesday 07 October 2009    Print Article

Have you ever clicked on what you thought was a safe website URL and then all of a sudden your browser/antivirus software blocks the webpage?

Every day, I am alerted to yet another recruitment website falling victim to some sort of security incident. If you own or manage a website, YOU are responsible for your website’s security and have an implied "duty of care" to provide safe 3rd party links.

Imagine this...

A user clicks on your job boards "Apply Now" button, and is redirected to a 3rd party application form.

Unfortunately the website the user was redirected to is insecure and has been flagged as a badware site.

The user then completes the application form and attaches their resume containing personal details, bank account, visa, passport etc.


Guess what?

The user’s details have now been intercepted by another party and can now be used for fraud, identity theft etc. The user may have also downloaded or accepted infected documents.

To reduce the risk associated with 3rd party links. You SHOULD automatically check (wash) all your URL links (within the job advert or linkout URL) as well as the email address (@domain) against known Malware or Black list.

There are various enterprise programs available from security providers, but in this example we will focus on integrating with Google's Safe Browsing API.

The Google Safe Browsing API is an experimental service that allows you check URLs against Google's constantly-updated blacklists of suspected phishing and malware pages.

If you use Firefox you would already be familiar with the malware or phishing warning screen that shows up when you visit suspicious sites. You will use this API to download an encrypted table for local, client-side lookups of URLs.

A small company can obtain the API key and query Google Safe Browsing API directly. There is no need to maintain local list of md5 hashes. This approach is a lot simpler. Another advantage - you always use a fresh list of URLs (no 30 min delay until the next execution of a cron job)

Making calls to the API is pretty straightforward. You need to first register with Google to get a developer key in order to access the service. Once you do this you simply call a certain URL which responds with a list of MD5 hash values to suspected malware sites.

It is important to note for privacy and security reasons; we are not directly comparing the real URL against another list of URLs. Instead comparing the MD5 hashes (which in theory, almost can't be reversed back to the original URL string)

Step 1. Sign up for an API developer key

Step 2. Set up 2 tables in your local database to store the downloaded lists (see example code below).

Step 3. Create 2 pages google_malware.php & google_blacklist.php (see example code below). You will need to set up a cron job every 30 minutes to automatically download the updated lists.

Step 4. Create a script to check all your URLs (converting to md5) against the downloaded malware/black list on every update.

If the script finds a match between your website's data and the downloaded malware/black list you should immediately change the status of the job advert to "offline". Inform the advertiser of your findings and manually check the URL with your own browser.


Create Database Tables
CREATE TABLE IF NOT EXISTS google_malware ( malware_hash VARCHAR(28) NOT NULL DEFAULT '' PRIMARY KEY (malware_hash)) CREATE TABLE IF NOT EXISTS google_blacklist ( blacklist_hash VARCHAR(28) NOT NULL DEFAULT '', PRIMARY KEY (blacklist_hash))


goolgle_malware.php
<?php $conn = mysql_connect('localhost', 'DATABASE_USERNAME', 'DATABASE_PASSWORD') or die(mysql_error()); mysql_select_db('DATABASE_NAME') or die(mysql_error()); $api_key = "GOOGLE_SAFE_BROWSING_API_KEY"; $version_malware = "goog-malware-hash"; $google_url = "http://sb.google.com/safebrowsing/update"; // ################ MALWARE LIST DOWNLOAD ################ //open the remote URL $target_mal = "$google_url?client=api&apikey=$api_key&version=$version_malware:1:-1"; $handle_mal = fopen("$target_mal", 'r') or die("Couldn't open file handle " . $target_mal); //populate the db if ($handle_mal) { while (!feof($handle_mal)) { $line_mal = fgets($handle_mal); //ignore the first line if (substr($line_mal,0,1) != '[') { $operation_mal = (substr($line_mal,0,1)); //get the '+' or '-' $hash_mal = substr($line_mal,1); //get the md5 hash $hash_mal = mysql_real_escape_string($hash_mal); //just to be safe if ($operation_mal == '+') $sql_mal = 'INSERT INTO google_malware SET malware_hash = \''.$hash_mal.'\''; else $sql_mal = 'DELETE FROM google_malware WHERE malware_hash = \''.$hash_mal.'\''; mysql_query($sql_mal) or die(mysql_error()); } } echo 'MALWARE table downloaded.'; fclose($handle_mal); } mysql_close($conn); ?>


google_blacklist.php
<?php $conn = mysql_connect('localhost', 'DATABASE_USERNAME', 'DATABASE_PASSWORD') or die(mysql_error()); mysql_select_db('DATABASE_NAME') or die(mysql_error()); $api_key = "GOOGLE_SAFE_BROWSING_API_KEY"; $version_blacklist = "goog-black-hash"; $google_url = "http://sb.google.com/safebrowsing/update"; // ################ BLACK LIST DOWNLOAD ################ //open the remote URL $target_bla = "$google_url?client=api&apikey=$api_key&version=$version_blacklist:1:-1"; $handle_bla = fopen("$target_bla", 'r') or die("Couldn't open file handle " . $target_bla); //populate the db if ($handle_bla) { while (!feof($handle_bla)) { $line_bla = fgets($handle_bla); //ignore the first line if (substr($line_bla,0,1) != '[') { $operation_bla = (substr($line_bla,0,1)); //get the '+' or '-' $hash_bla = substr($line_bla,1); //get the md5 hash $hash_bla = mysql_real_escape_string($hash_bla); //just to be safe if ($operation_bla == '+') $sql_bla = 'INSERT INTO google_blacklist SET blacklist_hash = \''.$hash_bla.'\''; else $sql_bla = 'DELETE FROM google_blacklist WHERE blacklist_hash = \''.$hash_bla.'\''; mysql_query($sql_bla) or die(mysql_error()); } } echo 'BLACKLIST table downloaded.'; fclose($handle_bla); } mysql_close($conn); ?>



Article URL: http://www.recruitmentdirectory.com.au/Blog/is-your-job-site-redirecting-candidates-to-insecure-websites-a275.html

Article Tags: api hacking google safe browsing api job board recruitment website safety security php script md5 hash malware blacklist phishing database email encryption exploit mysql privacy sql injection vulnerability identity theft

Comments Hide Comments (0)

Feel free to join in on the conversation. All comments are moderated before publishing. Comments posted by subscribers don't necessarily reflect the views of Recruitment Directory.

Your Name: * Required
Your Email Address: * Required
Website URL:
Comments: * Required
Refresh
Enter the code you see in the image above (case sensitive). Click on the image to refresh it.
 


Back to Menu Back to Menu



Random Blog Articles

Using the LinkedIn API
Published: 9:37pm Tuesday 01 December 2009

2010 Email Marketing Benchmark Report - HR/Recruitment Sector
Published: 1:46pm Monday 02 August 2010

Job Board Statistics - Sep 09
Published: 1:37pm Monday 19 October 2009

Integrating Facebook Connect in your job site is not rocket science
Published: 1:08pm Monday 12 April 2010

Upcoming Webinar - Recruitment Rumble
Published: 9:08pm Thursday 30 April 2009