Today I ran into domain abuse while working on a WordPress project, due to a typo in the TLD. A foreign server happily served me the requested files, but with spiced content. This looked unsuspicious at first glance.
Now this is something that doesn’t happen every day [to me]. I haven’t touched PHP and WordPress in years so I don’t have a workflow established for this any more. Today I got the job to upgrade some legacy system. So I checked out the project from git, configured some dnsmasq magic and launched a local PHP development server and browser.
I was astonished when the project came up in the zero-profile development Chrome and the first link I clicked opened a new tab presenting me with some scam, ringing all alarm bells. I’m on localhost! And Linux! What happened? Do we have an infected project in our git repository? So I started digging.
So yeah... you can throw any domain at this. It will happily serve malware, or spam, or whatever it’s up to today. It’s just waiting for a typing error.
There’s a lesson here. Watch carefully which domain you really use. Don’t be lazy; make use of SSL/CORS even in development. I can’t help having some respect for this idea, and there are probably others doing the same.
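
One way to act on that lesson before starting a checked-out project locally, as an added example that is not code from this post: scan the source for referenced hostnames and flag any that match an expected host except for the TLD, or differ from one by a character or two (slightly broader than the TLD typo described here). The allowlist, the hostnames (kept under the reserved `.example` TLD) and the sample file content are constructed assumptions.

```python
import re

# Assumption: hosts this project is supposed to reference (constructed values).
EXPECTED_HOSTS = {"mysite.example", "cdn.mysite.example", "fonts.mysite.example"}

# Host part of absolute and protocol-relative URLs.
URL_HOST = re.compile(r"(?:https?:)?//([A-Za-z0-9.-]+\.[A-Za-z]{2,})")

def edit_distance(a, b):
    """Levenshtein distance; small values indicate a likely typing slip."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host, expected=EXPECTED_HOSTS):
    """Return (verdict, nearest expected host or None) for one hostname."""
    host = host.lower().rstrip(".")
    if host in expected:
        return "ok", None
    name, _, tld = host.rpartition(".")
    for good in sorted(expected):
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name and tld != good_tld:
            return "tld-mismatch", good   # same name, different TLD
        if edit_distance(host, good) <= 2:
            return "near-miss", good      # one or two characters off
    return "unknown", None                # not expected at all: review by hand

def scan(text, expected=EXPECTED_HOSTS):
    """List (line number, host, verdict, nearest) for every non-allowlisted host."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for host in URL_HOST.findall(line):
            verdict, nearest = classify(host, expected)
            if verdict != "ok":
                findings.append((lineno, host, verdict, nearest))
    return findings

# Constructed sample of theme code, not taken from the project in the post.
SAMPLE = """wp_enqueue_style('fonts', '//fonts.mysite.example/css/main.css');
wp_enqueue_script('app', 'https://cdn.mysite.exampel/js/app.js');
$api = 'https://mysite.example/wp-json/';
$home = 'http://mysit.example/';
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Every finding, including `unknown`, names a host the browser would contact when the page loads, so the list is worth reading before the first click.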